Manager, Security Detection and Response

ID 2026-14853
Category
Information Technology
Position Type
Full-Time Regular
Location
US-TX-Houston
Workplace Type
On-Site

About Us

Every moment of every day, people around the world rely on the energy they access through infrastructure built by Quanta. Comprising the largest skilled-labor force in North America, our employees are highly skilled and innovative, continually working to connect people and power. We’re building the infrastructure that supports the energy transition, and there are more opportunities than ever to be part of our team. Join us and build your career building a brighter future.

Imagine what you could do here. We encourage, inspire, and support our people to seize opportunities in our corporate office and with hundreds of our operating companies worldwide that provide solutions for the utility, renewable energy, electric power, industrial, and communications industries.

Quanta actively promotes and maintains a culture of belonging where all employees can be themselves, live their values, and find opportunities to succeed. When you join our team, you join a dynamic organization in which career development is encouraged, excellence is rewarded, and diversity is prized. Come find out how our people power modern life.

About this Role

The Manager, Security Detection & Response leads Quanta’s 24x7 detection and response capability, owning the full lifecycle from threat detection through containment, eradication, and post-incident review. This is a hands-on technical leadership role responsible for managing a high-performing team of SOC analysts and threat hunters, driving the maturity of Quanta’s Security Operations function, and serving as the authoritative subject-matter expert on security monitoring, SIEM, SOAR, threat hunting, and incident response across a large, complex multi-subsidiary enterprise.

The ideal candidate brings deep technical depth in threat hunting, detection operations, and incident response, proven leadership experience, and the communication skills to engage with executive stakeholders and operating unit leaders across Quanta’s broad portfolio of companies.

What You'll Do

Threat Hunting & SIEM Operations

  • Own and continuously mature the enterprise SIEM platform (e.g., Splunk, Microsoft Sentinel, IBM QRadar), including content development, correlation rules, dashboards, and alert fidelity optimization across IT and OT/ICS environments.
  • Lead and direct a team of threat hunters executing proactive, hypothesis-driven hunting operations using MITRE ATT&CK and other threat intelligence frameworks, with particular focus on adversary techniques targeting critical infrastructure and utilities.
  • Manage SOAR playbooks and automated response workflows (e.g., Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOAR) to accelerate mean time to detect (MTTD) and mean time to respond (MTTR); drive measurable improvement quarter over quarter.
  • Oversee integration of detection telemetry from endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender), network security controls (e.g., secure web gateways, NGFW, proxy), vulnerability management feeds, and cloud security tooling into the SIEM pipeline.

Incident Response & Threat Management

  • Direct and command security incident response operations, from initial triage and containment through root cause analysis and lessons-learned review; serve as IR commander for high-severity events.
  • Develop, maintain, and rehearse incident response plans and playbooks, including scenarios specific to OT/ICS environments and critical infrastructure disruption.
  • Coordinate with operating unit security liaisons, legal, communications, and executive leadership during significant security events; manage evidence preservation and chain-of-custody requirements.
  • Oversee structured threat hunting campaigns; ensure hunt findings are translated into durable detections, documented in hunt reports, and fed back into the detection pipeline to continuously improve coverage.

Team Leadership & Program Management

  • Lead, mentor, and develop a team of SOC analysts and threat hunters; manage hiring, performance reviews, career development, and retention.
  • Define and track SOC performance metrics and SLAs; report on program effectiveness, KPIs, and risk posture to senior leadership on a regular cadence.
  • Partner with Security Engineering, Identity, and GRC teams to operationalize security controls, drive vulnerability remediation prioritization, and support audit and compliance activities (SOC 2, CIS Controls v8, NIST CSF).
  • Manage relationships with MDR/MSSP partners, threat intelligence providers, and relevant ISACs to augment internal capabilities and maintain situational awareness.
  • Develop and deliver tabletop exercises, hunt team training, and functional security awareness content for SOC staff, threat hunters, and IT/OT stakeholders.
  • Adhere to all internal standards, policies, and procedures; perform other duties as assigned.
  • Manages the IT Security Operations team that operates and maintains production information security systems.
  • Works with senior leaders across the business to assess and communicate acceptable levels of risk.
  • Develops, mentors and manages a high-performing staff of information security professionals; ensures performance management, employee relations, etc. are in place while being responsible for retention and employee development.
  • Oversees Quanta’s information security review, vulnerability management and pen testing.
  • Ensures proper security documentation is in place.
  • Develops business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
  • Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
  • Oversees incident response planning and the investigation of security breaches, and assists with any associated disciplinary, public relations and legal matters.
  • Maintains technical reference library; develops training material and workshops for IT, program and security staff as appropriate.
  • Adheres to internal standards, policies and procedures.
  • Performs other duties as assigned.

What You'll Bring

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field; or equivalent combination of education and professional experience.
  • 7+ years of progressive experience in cybersecurity with a minimum of 5 years in security operations, threat hunting, or incident response.
  • 3+ years of direct people management experience, including performance management, hiring, and employee development.
  • Hands-on expertise with enterprise SIEM platforms (e.g., Splunk, Microsoft Sentinel, IBM QRadar); demonstrated ability to author detection content, write complex queries, and conduct forensic investigations.
  • Practical experience with endpoint detection and response (EDR) platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint), network security tooling, and cloud security environments (Microsoft Azure, AWS).
  • Strong understanding of threat intelligence frameworks (MITRE ATT&CK, Diamond Model, Kill Chain) and their operational application.
  • Demonstrated ability to lead incidents under pressure, communicate clearly to executive audiences, and produce high-quality written post-incident reports.

 

Preferred Education and Experience

  • Master’s degree in Cybersecurity, Computer Science, or MBA.
  • Experience in critical infrastructure, utilities, energy, or industrial sector environments, with exposure to OT/ICS security monitoring.
  • Experience with SOAR platforms and developing automated detection and response workflows at enterprise scale.
  • Familiarity with Privileged Access Management (PAM) solutions and privileged account monitoring as a detection surface.
  • Experience supporting compliance programs (SOC 2 Type II, NIST CSF, CIS Controls v8, NERC CIP).

 

LICENSES / CERTIFICATIONS:

Required Licenses/Certifications

  • Certified Information Systems Security Professional (CISSP)

Preferred Licenses/Certifications

  • One of the following certifications
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Enterprise Defender (GCED) or GCIA
    • Certified Information Security Manager (CISM)

SUPERVISORY RESPONSIBILITIES:

Supervises others:  Yes

Has hiring and terminating responsibilities:  Yes

Number of employees reporting to this job:  0 Subordinate Supervisory Employees, 5 Non-Supervisory Employees

 

TRAVEL REQUIREMENTS:

Travels: Yes

Percent of time: 10%

Overnight required: N/A  

Location: Houston, TX (Hybrid – 2 days in the office)

 

PHYSICAL DEMANDS:

[If one-third of the time – “seldom” or “occasionally”. If one-third to two-thirds of the time or more – “occasionally to frequently”. If more than two-thirds of the time – “constantly”.]

  • Stationary Position - Seldom
  • Pushing/Pulling/Reaching - Seldom
  • Climb - Seldom
  • Kneel - Seldom
  • Grab - Seldom
  • Bend - Seldom
  • Lift/carry over - 10 - 30 LBS
  • Vision - 20/20 Corrected Vision
  • Hearing - Receive detailed information if spoken to

WORKING CONDITIONS:

  • Wet or Humid - Seldom
  • Working near or on moving mechanical parts - Seldom
  • Working near or on heavy machinery - Seldom
  • Working in high places - Seldom
  • Exposed to fumes or airborne particles - Seldom
  • Exposed to toxic or caustic chemicals - N/A
  • Frequency of working in outdoor weather conditions - Seldom
  • Work with Electricity - Seldom
  • Work with explosives - N/A
  • Work on or near a source of radiation - N/A
  • Loud noise conditions (above 87dB) - Seldom
  • Other Environmental Factors including weather conditions - N/A

 

Note: This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, working conditions, physical demands, and activities may change or new ones may be assigned at any time with or without notice.

Quanta provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

 

Equal Opportunity Employer

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, national origin or ancestry, sex (including gender, pregnancy, sexual orientation, and/or gender identity), age, disability, genetic information, veteran status, and/or any other basis protected by applicable federal, state or local law.

We are an Equal Opportunity Employer, including disability and protected veteran status.

We prohibit all types of discrimination and are committed to providing access and equal opportunity for individuals with disabilities. For additional information or if reasonable accommodation is needed to participate in the job application, interview, or hiring processes or to perform the essential functions of a position, please contact the Company’s Human Resources department.
