Own and drive the strategy, roadmap, and maturation of LastPass's Security Operations function, translating the threat landscape into a multi-year program plan that scales with the business
Lead all response operations across the full incident lifecycle, from detection and triage through containment, eradication, recovery, and post-incident review
Build, develop, and retain a high-performing team of analysts and engineers, setting clear performance expectations, career development pathways, and a culture of operational excellence
Partner with the CISO, Legal, and Communications to manage high-severity incidents, coordinating executive response and fulfilling regulatory notification obligations
Define and own detection and response program metrics, SLAs, and reporting frameworks, providing the CISO and board with clear, evidence-based visibility into program maturity and risk posture
Champion the integration of AI-assisted triage, automation pipelines, and Detection-as-Code methodologies to reduce analyst toil and drive down mean-time-to-respond
Establish and maintain strategic relationships with external partners, including threat intelligence vendors, law enforcement, and industry information-sharing groups, to strengthen LastPass's situational awareness
Collaborate across Business Technology, Cloud Security, and Platform Engineering to ensure cohesive detection coverage and coordinated response capability across the full technology estate
Requirements
Proven experience in security operations, including senior leadership ownership of an incident response or cyber defense function at scale
Proven ability to build, lead, and develop high-performing security teams, including managing through managers, in a fast-paced, high-stakes environment
Advanced, hands-on knowledge of the CSIRT/SOC discipline: digital forensics, threat intelligence, malware analysis, network analysis, or incident handling across cloud-native and hybrid infrastructure
Expert-level command of security frameworks including MITRE ATT&CK, NIST CSF, and the SANS incident response lifecycle, with demonstrated application in real-world program design
Proven track record of engaging executive leadership, legal counsel, and external stakeholders during major security incidents, including regulatory and board-level communication
Strategic thinker who can translate complex threat landscapes into clear program priorities and communicate risk in business terms to non-technical audiences
Operates with calm authority under pressure, able to drive decisive, coordinated action during high-severity incidents while sustaining team morale and stakeholder confidence
Builds influence across organizational boundaries, driving security outcomes through cross-functional alignment without relying on positional authority.
Experience in the password management, identity security, or SaaS security product domain (it's great, but not required)
Background in red team operations, adversary simulation, or threat hunting as a complement to defensive program leadership (it's great, but not required)
Proficiency in Python or PowerShell to drive automation and accelerate detection and response workflows, or experience managing teams and programs who perform these functions (it's great, but not required)
Tech Stack
Cloud
Python
Benefits
Competitive compensation
Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
Parental leave
Comprehensive health coverage, including dependents
Home office setup support
LastPass Families free account for up to 5 members
Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
Peer-to-peer recognition through Motivosity
Employee Assistance Program for well-being support
Remote work stipend to support your home office needs
Short-Term or Remote-Centric Work Arrangements for added flexibility