Manager, Security Operations

Location: United Kingdom – London Hybrid or Remote

Role Overview

Nasuni is seeking a deeply technical and operationally rigorous Manager, Security Operations to lead and evolve our enterprise cybersecurity operations program.

Reporting to the Chief Information Security Officer, this role owns internal security operations across detection, response, identity security, vulnerability management, and operational defense across cloud, endpoint, and hybrid environments.

You will lead a global security operations function responsible for incident response, SIEM/SOAR engineering, identity governance, endpoint and email security, and proactive threat detection. This is a hands-on, player-coach leadership role, managing a small but growing team across regions, including the US, UK and India.

This role requires someone who can personally lead high-severity incidents end-to-end, while also building and improving the systems, processes, and team around them.

This role includes participation in an on-call rotation and requires availability during high-severity incidents, including evenings or weekends as needed. You will act as a key escalation point in partnership with a 24x7 monitoring vendor.

Level & Scope Definition

This role leads enterprise-wide security operations and incident response across corporate systems and cloud infrastructure (primarily AWS).

The Manager defines operational security standards, drives detection quality improvements, leads automation initiatives, and serves as the primary escalation authority for high-severity incidents.

This is a player-coach role with:

• Direct people leadership (small, distributed team)
• Hands-on technical ownership (incident response, detection, tooling)
• Responsibility for centralizing and improving visibility across multiple security tools and signals

Success in this role is defined by:

• Measurable reduction in risk exposure
• Improved response times (MTTD / MTTR)
• Strong cross-functional coordination across regions (US, UK, India)
• Resilient, scalable security operations execution

Key Responsibilities

Security Operations Leadership

• Lead, mentor, and develop a high-performing, globally distributed security operations team
• Define operational standards, secure configuration baselines, and detection strategies
• Own the global cybersecurity on-call model, escalation procedures, and vendor interaction model
• Drive a culture of operational accountability, automation, and detection excellence
• Partner with GRC stakeholders to support audit and compliance requirements (SOC2, ISO, etc.)

Enterprise Security Operations

• Own enterprise cybersecurity operations across endpoint, identity, email, network, and cloud platforms (AWS primarily)
• Lead EDR operations including threat detection, investigation, containment, and response (e.g., SentinelOne)
• Own and evolve SIEM strategy, detection engineering, and integration roadmap
• Design and maintain SOAR automation and response playbooks
• Define and enforce identity governance, conditional access, and privileged access controls (Entra ID / M365)
• Evaluate and optimize security tooling, integrations, and telemetry quality

Incident Response & Threat Management

• Lead and own incident response from triage through resolution as escalation authority
• Continuously improve incident response plans, playbooks, and runbooks
• Coordinate with MDR partners and internal stakeholders during active incidents
• Conduct post-incident reviews and drive systemic remediation
• Improve detection quality, reduce alert fatigue, and optimize response metrics
• Defend against modern threats including phishing, BEC, malicious attachments, OAuth abuse, and AI-generated attack techniques

Vulnerability & Exposure Management

• Own the end-to-end vulnerability lifecycle across cloud, endpoint, and infrastructure assets
• Drive visibility and prioritization across multiple tools (e.g., Wiz, Rapid7, endpoint telemetry)
• Lead efforts to centralize vulnerability insights across platforms and improve risk-based prioritization
• Uphold remediation SLAs and drive cross-functional accountability
• Lead patch validation and automation initiatives

Metrics, Reporting & Automation

• Define and report cybersecurity KPIs and executive dashboards
• Implement automation to improve investigation speed, response consistency, and reporting quality
• Maintain operational documentation, SOPs, and architecture baselines
• Leverage automation and AI-assisted tooling to improve detection quality and operational efficiency

Required Qualifications

• 6–9+ years of experience in enterprise security operations
• 2–4+ years leading security operations teams or programs
• Proven experience personally leading incident response end-to-end (not limited to alerting or support roles)

Hands-on expertise with:

• SIEM engineering, detection tuning, and alert optimization
• SOAR playbook development and automation
• EDR platforms (e.g., SentinelOne) and endpoint detection/response
• Enterprise email security controls and phishing defense
• Identity security (Entra ID / Microsoft 365)
• Strong experience securing cloud environments (AWS required; Azure/GCP exposure a plus)
• Experience operating within an on-call rotation and escalation model
• Experience working with MDR or managed security partners
• Strong communication and decision-making skills during high-severity incidents
• Experience using scripting, automation, or query languages (e.g., Python, KQL) to improve workflows

Preferred Qualifications

• Experience centralizing or integrating multiple security tools into a unified operational view
• Experience with vulnerability management platforms (e.g., Wiz, Rapid7)
• Familiarity with GRC programs (SOC 2, ISO 27001) and audit support
• Experience operating across globally distributed teams and time zones
• CISSP or equivalent practical experience

Ideal Qualifications

• Experience building or maturing a security operations function in a cloud-first environment
• Demonstrated success improving detection quality, reducing alert fatigue, and improving MTTR
• Experience supporting M&A integration or scaling security programs
• Strong ability to balance hands-on technical depth with team leadership in a player-coach model

Experience Guidelines

Ideal candidates have led enterprise SecOps programs in cloud-forward, geographically dispersed environments, balanced operational leadership with hands-on technical contribution, and demonstrated measurable improvements in detection quality and response speed.

AI Competency Expectations

• Experience defending against AI-enabled phishing and social engineering attacks
• Experience leveraging automation or AI-assisted tooling to improve detection and response workflows
• Ability to assess emerging risks in identity, email, and OAuth ecosystems driven by AI-enabled threats

AI fluency enhances effectiveness but does not replace foundational SecOps depth.

Who Will Succeed in This Role

You will thrive if you:

• Remain technically hands-on while leading a team
• Are comfortable owning and leading high-severity incidents
• Value automation, detection precision, and measurable security outcomes
• Prefer operational ownership over compliance-only roles
• Can operate effectively across global teams and time zones

About Nasuni

Nasuni is the unstructured data foundation for enterprise teams—and the AI that supports them. We manage, protect, and activate the world’s unstructured data so organizations can work smarter, spend wisely, and create safely without limits. Our AI-ready platform modernizes enterprise file infrastructure—supporting secure collaboration, resilience, and intelligent automation for globally distributed organisations.

Why Work at Nasuni (London — Remote)

You’ll join an international team solving complex infrastructure challenges for enterprise customers across regions and time zones. Our remote roles in Europe are built for high ownership, clear communication, and cross-functional collaboration—delivering outcomes that improve how organisations store, protect, and activate unstructured data. If you enjoy working across cultures, building scalable systems, and partnering closely with stakeholders to deliver customer value, Nasuni offers the platform and mission to do it.

About Nasuni.

Nasuni is the leading hybrid cloud storage solution that powers business growth with effortless scalability, built-in security, and fast edge performance using a unique cloud-native architecture. The Nasuni File Data Platform delivers operational excellence by consolidating NAS and backup, eliminating data silos, and making management easy and flexible without changes to apps or workflows. Its built-in security offers proactive defense and rapid recovery, lowering organization’s risk from the detrimental effects of ransomware attacks and other disasters. Synchronized access to file data everywhere ensures user productivity by supporting remote and hybrid work.

Why work at Nasuni?   

As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the world.  Benefits packages generally include:   

To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes.

Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs.