Senior Director, Cyber Security Detection and Response

Senior Director, Cyber Security Detection and Response

Synopsys is the leader in engineering solutions from silicon to systems, enabling customers to rapidly innovate AI-powered products. We deliver industry-leading silicon design, IP, simulation and analysis solutions, and design services. We partner closely with our customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow.

You have spent years building and running security operations that actually stop threats, not just detect them. You know the difference between a SOC that drowns in alerts and one that responds at machine speed with human judgment intact. When an incident breaks, you are the person everyone looks to, not because you have the loudest voice, but because you have run this play before and people trust your command.

You think in layers: endpoint, identity, cloud, network, data. You know that detection engineering is not about writing more rules, it is about writing the right ones, tuned to MITRE ATT&CK, validated against real adversary behavior, and operationalized so your analysts can act without hesitation. You have built or transformed SOCs before. You understand what it takes to move a team from reactive to proactive, from alert fatigue to signal clarity.

You are comfortable briefing a CISO during an active incident and then turning around to guide your analysts through containment without missing a beat. You do not wait for perfect information. You assess, decide, and move. You have a point of view on how AI and automation should be used in cyber defense, and you know where the human still needs to be in the loop. At Synopsys, you will own the full cyber defense lifecycle for a company that builds the technology powering the world's most advanced chips.

Lead detection engineering strategy and execution across endpoint, identity, cloud, network, and data layers, owning the full detection lifecycle from content development to deployment and tuning.

Run SOC and incident response operations, ensuring your team responds with speed, accuracy, and clear escalation paths when threats are identified.

Serve as Incident Commander for major security incidents, owning command structure, real-time decision-making, cross-functional coordination, and executive communications during high-severity events.

Build and mature the insider threat program, integrating behavioral analytics, threat intelligence, and investigative workflows into a repeatable, scalable capability.

Own the threat intelligence lifecycle from collection and analysis to operationalization, ensuring intel feeds directly into detection content, hunting hypotheses, and response playbooks.

Lead executive-level incident briefings and post-incident readouts, translating technical findings into clear risk narratives and actionable recommendations for leadership.

Drive adoption of AI and automation in detection and response workflows, evaluating emerging LLM and machine learning capabilities for safe, effective use in cyber defense operations.

Reduce mean time to detect and respond by building a SOC that operates with signal clarity, not alert volume.

Establish Synopsys as a leader in proactive threat defense by maturing detection engineering, threat hunting, and insider threat capabilities aligned to MITRE ATT&CK.

Protect the company's most critical assets and intellectual property by leading incident response with operational discipline and technical credibility.

Enable executive leadership to make informed risk decisions by delivering clear, actionable security posture reporting and incident intelligence.

Scale security operations to meet the demands of a global, AI-driven technology company without sacrificing speed or accuracy.

Build a team culture where analysts are empowered to act decisively, learn continuously, and improve detection quality over time.

Drive measurable improvement in detection accuracy, response effectiveness, and program maturity through KPIs that reflect real security outcomes.

10+ years of cybersecurity experience with deep focus on incident response, detection engineering, and threat intelligence in complex enterprise environments.

Proven experience running major security incidents as Incident Commander, including leading cross-functional response, managing executive communications, and driving post-incident analysis.

Strong operational background building or transforming SOC and IR organizations, with demonstrated success improving detection quality, response speed, and team effectiveness.

Hands-on experience with SIEM platforms such as Splunk, Elastic, or QRadar, and practical application of the MITRE ATT&CK framework to detection and response strategies.

Technical credibility in detection engineering, threat hunting, forensics, and security automation, with the ability to guide teams through complex investigations and technical tradeoffs.

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Master's degree preferred).

Relevant certifications such as CISSP, GCIH, GCFA, or equivalent; experience with cloud security platforms (AWS, Azure, GCP) and SOAR tools is a strong plus.

You can present in front of a CISO during an active breach, deliver a two-minute update that covers what happened, what we are doing, and what we need, and then return into the war room and keep your team moving without losing momentum.

You are disciplined and structured under pressure, the kind of leader who builds repeatable processes, documents what works, and improves what does not without waiting for the next incident to force the conversation.

You push back when a detection strategy is too broad or a response plan lacks clear ownership, because you have seen what happens when accountability is unclear and you refuse to let that happen on your watch.

You treat threat intelligence as a product, not a feed, which means you know how to take raw intel and turn it into detections, playbooks, and hunting hypotheses that your team can actually use.

You are comfortable evaluating new AI and automation capabilities for security operations, but you know where the human needs to stay in the loop and you are not afraid to say no when a tool does not meet the bar.

You build teams that trust each other, where analysts feel empowered to escalate without fear and learn from incidents without blame, because you know that culture is what separates a good SOC from a great one.

You will lead the detection, response, and threat management function within Synopsys's global cybersecurity organization. Your team includes SOC analysts, detection engineers, incident responders, threat intelligence professionals, and insider threat specialists. You will work closely with Security Engineering, IT, Legal, and GRC teams to ensure alignment across the organization. This is a leadership role with high visibility, and you will be expected to represent security operations in executive forums and cross-functional initiatives.

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

At Synopsys, we want talented people of every background to feel valued and supported to do their best work. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, age, military veteran status, or disability.