Manager, Cyber Defense

ABOUT THE DEPARTMENT

The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within a newly restructured cybersecurity organization that's leading this transformation. You'll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence-working alongside experts who are deeply committed to service, innovation, and impact.

If you're driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.

POSITION SUMMARY

As the Manager, Cyber Defense you will be an integral leader of the cybersecurity department while also collaborating with stakeholders across the university ecosystem, and reporting to the Director, Cyber Defense. This is a full-time exempt position, eligible for all of USC's fantastic Benefits + Perks. This opportunity is remote.

The Manager, Cyber Defense manages and supports the Cyber Defense program under the guidance of the Cyber Defense Director, ensuring the continuity of the university's education and research missions without disruption from cybersecurity threats. Leads day-to-day operations of the university's Security Operations Center (SOC), with responsibility for threat detection, security monitoring, incident response, and frontline analyst oversight. Ensures that tooling, workflows and metrics align with enterprise risk and threat intelligence priorities. Works cross-functionally with endpoint, IAM, cloud, CTI, OT and vendor teams to improve alert fidelity, accelerate containment, and uphold cybersecurity standards and service levels. Leads incident response and mitigation efforts and ensures that standard operating procedures are defined, tracked and met throughout.

The Manager, Cyber Defense will:

• Manages and supports the Cyber Defense program under the guidance of the Cyber Defense Director. Assists executive leadership in developing and enhancing Cyber Defense capabilities by leveraging expertise in various aspects of the Cyber Defense landscape. Plans, budgets, and directs Cyber Defense activities to ensure alignment with organizational goals and cybersecurity strategies. Oversees the day-to-day operations of the Cyber Defense function, ensuring alignment with cybersecurity strategies and goals.

• Oversees day-to-day SOC operations and staff, including triage, escalation, and response activities across a range of cybersecurity incidents. Owns the lifecycle of SIEM and EDR use cases, including detection rule development, tuning for false positives, and validation against threat intelligence. Develops and implements security monitoring policies, procedures, standards, and clearly defined roles and responsibilities. Identifies opportunities to enhance threat intelligence and security monitoring coverage. Sets monitoring expectations and goals in alignment with the university's cybersecurity strategy. Tracks and reports potential security violations, ensuring compliance with cybersecurity standards.

• Supports and manages the university's Incident Response (IR) program, ensuring all IR activities align with the university's IR Plan. Leads internal investigations of security incidents and responds to cybersecurity events. Collaborates with legal, compliance, and regulatory teams to address forensic issues and risks associated with security incidents. Works closely with managed service providers to enhance cybersecurity incident response and mitigation efforts.

• Delivers regular operational reports to senior leadership, summarizing activity trends, performance and key risk indicators. Generates and maintains reports on security monitoring efforts, security status and incident response effectiveness. Ensures compliance with cybersecurity policies, regulations, and industry standards. Supports and manages the systems and programs that monitor the university's assets, network and data, ensuring the prevention of events that negatively impact confidentiality, availability and integrity.

• Participates in staff management activities (e.g., hiring, coaching, training, performance reviews, pay actions, and promotions). Offers recommendations to leadership on security monitoring and incident response strategies based on informed analysis.

• Helps set security monitoring expectations and goals that support the university's cybersecurity strategy. Implements, or assists in coordinating the implementation of, security monitoring policies, procedures, standards, and roles and responsibilities. Seeks opportunities to improve threat intelligence and security monitoring coverage. Manages operational metrics and KPIs including MTTR, detection coverage, alert volume, and false positive rates.

• Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Encourages a workplace culture where all employees are valued, value others and have the opportunity to contribute through their ideas, words and actions, in accordance with the USC Code of Ethics.

MINIMUM QUALIFICATIONS

Great candidates for the position of Manager, Cyber Defense will meet the following qualifications:

• 5 years in key Cyber Defense areas, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).

• A Bachelor's degree or combined experience/education as substitute for minimum education.

• In-depth knowledge of industry standards, regulations, and new industry developments/trends.

• Ability to interface with teams across the CISO Office and ITS, such as Enterprise and Infrastructure Services, and across USC IT teams

• Thorough understanding of technology, tools, policies and standards related to security systems and incident response.

• Understanding and technical knowledge of Cyber Defense concepts, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).

• Strong leadership and people management skills.

• Solid technical knowledge and troubleshooting skills.

• Ability to work effectively in high-stress situations and in managing crisis situations.

• Skilled in communicating with a diverse range of stakeholders and business partners, especially in high-stress or crisis situations.

• Knowledge of customer service performance metrics.

• Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies.

• Strong understanding of detection frameworks (MITRE ATT&CK, D3FEND), SIEM and EDR operations, and playbook development.

• Experience with Chronicle, ThreatQ, Proofpoint, SentinelOne, and related security technologies.

• Experience managing third-party security service providers.

• CISSP certification.

• ITIL Certified.

• The role requires participation in emergency response activities, after-hours escalations, and incident postmortems as needed.

PREFERRED QUALIFICATIONS

Exceptional candidates for the position of Manager, Cyber Defense will also bring the following qualifications or more:

• 7 years of relevant experience.

• One or more relevant GIAC certifications (e.g., Security Essentials [GSEC], Certified Perimeter Protection Analyst [GPPA], Certified Enterprise Defender [GCED]).

In addition, the successful candidate must also demonstrate, through ideas, words and actions, a strong commitment to USC's Unifying Values of integrity, excellence, community, well-being, open communication, and accountability.

SALARY AND BENEFITS

The annual base salary range for this position is $184,219.18 to $223,110.07. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents' health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC's comprehensive benefits here.

Join the USC cybersecurity team within an environment of innovation and excellence.

Minimum Education: Bachelor's degree
Minimum Certifications: CISSP certification. ITIL Certified.
Addtional Education Requirements Combined experience/education as substitute for minimum education
Minimum Experience: 5 years in key Cyber Defense areas, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).
Minimum Skills: In-depth knowledge of industry standards, regulations, and new industry developments/trends. Ability to interface with teams across the CISO Office and ITS, such as Enterprise and Infrastructure Services, and across USC IT teams Thorough understanding of technology, tools, policies and standards related to security systems and incident response. Understanding and technical knowledge of Cyber Defense concepts, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management). Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work effectively in high-stress situations and in managing crisis situations. Skilled in communicating with a diverse range of stakeholders and business partners, especially in high-stress or crisis situations. Knowledge of customer service performance metrics. Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies. Strong understanding of detection frameworks (MITRE ATT&CK, D3FEND), SIEM and EDR operations, and playbook development. Experience with Chronicle, ThreatQ, Proofpoint, SentinelOne, and related security technologies. Experience managing third-party security service providers.
Preferred Certifications: One or more relevant GIAC certifications (e.g., Security Essentials [GSEC], Certified Perimeter Protection Analyst [GPPA], Certified Enterprise Defender [GCED]).
Preferred Experience: 7 years