Security Operations Manager
**This is a Permanent role ('Umowa o pracę') and not a B2B contract**
Role Overview
The Security Operations Manager is a hands-on leader responsible for ensuring Apollo’s ability to detect, investigate, respond to, and recover from security incidents effectively and at scale. This role blends strong people leadership, cross-functional collaboration, and deep technical expertise in modern security operations. The Manager is expected to lead by example, remain technically engaged, and actively contribute to investigations and high-severity incidents.
This role operates in a fully remote environment and requires excellent asynchronous communication and collaboration skills.
Key Responsibilities
Operational Leadership & Incident Response
Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.
Detection, SIEM & Automation Strategy
Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.
People Leadership, Culture & Growth
Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.
Cross-Functional Collaboration
Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.
Metrics, Reporting & Strategy
Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment.
Required Skills & Experience
(We expect strong candidates to meet most of these requirements; seniority may be calibrated based on demonstrated scope and impact.)
7+ years of experience in Security Operations, Incident Response, or Security Engineering.
3+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
Experience designing and automating security workflows and response processes.
Experience with cloud-native platforms (GCP preferred; AWS and Azure also relevant) and SaaS applications.
Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a plus.
Excellent written and verbal communication, leadership, and stakeholder management skills.
Preferred Qualifications
Experience using AI or ML-assisted security tooling for detection, investigation, or response.
Familiarity with vulnerability management programs, SLAs, and remediation workflows.
Relevant certifications such as CISSP, GCIA, GCIH, GCED, or Google Professional Cloud Security Engineer / AWS Security Specialty.
About the job
Apply for this position
Security Operations Manager
**This is a Permanent role ('Umowa o pracę') and not a B2B contract**
Role Overview
The Security Operations Manager is a hands-on leader responsible for ensuring Apollo’s ability to detect, investigate, respond to, and recover from security incidents effectively and at scale. This role blends strong people leadership, cross-functional collaboration, and deep technical expertise in modern security operations. The Manager is expected to lead by example, remain technically engaged, and actively contribute to investigations and high-severity incidents.
This role operates in a fully remote environment and requires excellent asynchronous communication and collaboration skills.
Key Responsibilities
Operational Leadership & Incident Response
Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.
Detection, SIEM & Automation Strategy
Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.
People Leadership, Culture & Growth
Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.
Cross-Functional Collaboration
Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.
Metrics, Reporting & Strategy
Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment.
Required Skills & Experience
(We expect strong candidates to meet most of these requirements; seniority may be calibrated based on demonstrated scope and impact.)
7+ years of experience in Security Operations, Incident Response, or Security Engineering.
3+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
Experience designing and automating security workflows and response processes.
Experience with cloud-native platforms (GCP preferred; AWS and Azure also relevant) and SaaS applications.
Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a plus.
Excellent written and verbal communication, leadership, and stakeholder management skills.
Preferred Qualifications
Experience using AI or ML-assisted security tooling for detection, investigation, or response.
Familiarity with vulnerability management programs, SLAs, and remediation workflows.
Relevant certifications such as CISSP, GCIA, GCIH, GCED, or Google Professional Cloud Security Engineer / AWS Security Specialty.