Head of Security Operations

This global leadership role in cyber security is to manage the Security Operations (SecOps) team responsible for design, implementation, and evolution of Canonical security practices, techniques, tools, systems, and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure, and build processes. They are responsible for assuring the security and integrity of our infrastructure and product deployments. They design and implement technical security controls to automatically identify, contain, and remediate security threats. The team will also contribute ideas and requirements for Canonical product security, enhancing resilience and robustness for Ubuntu customers and users subject to cyber attacks.

As a leader in cybersecurity within the company, the SecOps team manager will collaborate with the Organizational Learning and Development team to develop playbooks and facilitate SecOps training across Canonical. They will operate within a wider security organization, lead a high-performing security team, and improve Canonical's security posture. They will also lead initiatives to integrate the team's insights into Canonical's broader software development processes.

While this is a management position, we expect managers to be expert practitioners, able to lead by example, contribute at the highest level, and assess work based on their own professional experience and skills. Candidates should have deep, hands-on expertise with a range of open source and proprietary security tools and practices, which they can integrate into a holistic next-generation security solution across Canonical's interests.

The SecOps team's mission is not only to secure Canonical but also to contribute to the security of the wider open-source ecosystem. They might share knowledge through public presentations, industry events, threat intelligence sharing, and representing Canonical in sector-specific governance bodies.

This role reports to the CISO.

What you will do in this role:

• Hire and mentor a team of outstanding technical security professionals
• Define Canonical's SecOps security standards and playbooks
• Own and drive the architecture and design of the SOC
• Analyze and improve Canonical's security architecture
• Evaluate, select, and implement new security tools and practices
• Identify, contain, and guide the remediation of security threats and cyber attacks
• Grow the presence and thought leadership of Canonical SecOps practice
• Contribute to open-source threat intelligence initiatives
• Drive threat modeling, tabletop exercises, and other SecOps practices across Engineering, IS, and Canonical
• Develop SecOps learning and development materials
• Publish blog posts, whitepapers, and conference presentations
• Identify, implement, and track SecOps KPIs
• Plan and deliver SecOps work within Canonical's agile engineering framework
• Work with Security leadership to present information and influence change

• Proven track record of mitigating threats from advanced threat actors and nation-states
• Expert technical understanding of SOCs from the ground up
• In-depth knowledge of SOC architecture and design, including logging, firewalls, network segmentation, honeypots, etc.
• Understanding of how the SOC works, not just how to use it
• Expertise in Linux security
• Ability to define, implement, automate, and measure effective incident response playbooks
• Knowledge of security architecture and market-leading security tools
• Experience contributing to and consuming threat intelligence feeds
• Experience with security risk management frameworks such as NIST CSF
• Exceptional academic record from high school through university
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of exceeding expectations
• Deep personal motivation to be at the forefront of security technology
• Leadership and management skills
• Excellent business English writing and presentation skills
• Confidence in reporting security performance metrics with accountability for accuracy and completeness

• Experience in offensive or defensive security teams with hands-on ability
• Experience with open-source security tools
• Experience with security standards such as ISO 27001
• Experience with security posture management of corporate endpoints