MDR Manager
RedHelm is redefining what it means to be a technology partner. We deliver industry-leading offensive and defensive cybersecurity alongside full-stack IT services that are integrated by design — protecting, powering, and accelerating our clients’ success.
Our teams operate at the intersection of security and technology, combining deep technical expertise with a holistic, client-centered approach. By aligning security strategy, infrastructure, and operational excellence, we help organizations stay resilient in an increasingly complex threat landscape.
At RedHelm, we are building an environment where innovation, accountability, and collaboration drive meaningful outcomes, both for our clients and for the professionals who support them.
Role Overview
The SOC MDR Manager is responsible for leading and coordinating the day-to-day operations of the Managed Detection and Response (MDR) team while ensuring the successful delivery of security monitoring, incident response, and operational support services. This is a leadership-focused, customer-facing role responsible for managing team operations, driving service improvements, coordinating escalations, and ensuring operational excellence across the SOC environment. The ideal candidate combines strong operational leadership, technical security expertise, and customer communication skills with the ability to guide teams through complex security events and evolving service demands.
Role Focus
Primary Objective: Lead and optimize MDR operations while ensuring high-quality security monitoring, incident response coordination, and customer service delivery
Approach: Operationally focused, customer-oriented, collaborative, and process-driven leadership
Core Skills: SOC operations management, incident coordination, team leadership, security operations oversight, and process improvement
Solution Profile: Managed Detection and Response (MDR), SIEM, endpoint security, incident response, security operations, and operational process management
Success Metrics: Team performance, incident response effectiveness, service delivery quality, operational efficiency, customer satisfaction, and MDR capability improvements
Challenges: Managing shift coverage, coordinating high-severity incidents, balancing operational priorities, improving processes at scale, and supporting a fast-paced security operations environment
Main Responsibilities
Create and manage SOC/MDR shift schedules to ensure proper operational coverage and continuity
Coordinate shift changes, call-offs, schedule adjustments, and on-call rotations to maintain operational readiness
Serve as the primary operational point of contact for the MDR team and related security operations activities
Report and review MDR operational metrics, service performance, and team effectiveness
Lead managerial responsibilities including staffing, performance management, coaching, mentoring, training, and career path development for MDR team members
Identify opportunities for MDR capability enhancements, operational improvements, and service optimization initiatives
Collaborate cross-functionally with engineering, operations, leadership, and other internal departments to improve service delivery and operational outcomes
Coordinate escalations and engage additional technical resources as necessary during projects, incidents, or operational challenges
Continuously improve SOC/MDR operational policies, procedures, standards, workflows, and escalation processes
Drive improvements to ticketing processes, reporting structures, operational documentation, and service metrics
Conduct weekly reviews of alerts, reports, incidents, and operational trends to ensure service quality and continuous improvement
Perform operational spot checks of security solutions and monitoring platforms to ensure systems remain functional and effective
Ensure MDR operations comply with all RedHelm Information Security Policies, privacy standards, and operational controls
Ensure customer and company data are handled securely and remain protected, available, and confidential where applicable
Maintain accurate operational documentation, reporting records, and team procedures within internal systems and platforms
Required Experience
4+ years of experience within SOC, NOC, Blue Team, or cybersecurity operations environments
2+ years of experience in a leadership, supervisory, or team coordination role within security operations or managed services environments preferred
Experience supporting customer-facing technical operations or managed security services environments
Experience serving as an escalation point during operational incidents, outages, or security events
Experience coordinating incident response efforts, operational workflows, and service delivery processes
Hands-on experience supporting or administering security technologies including but not limited to:
Firewalls
SIEM Platforms
IDS/IPS Solutions
Endpoint Protection and Antivirus Solutions
Security Monitoring and Incident Response Platforms
Experience supporting Windows and Linux operating systems within operational or security-focused environments
Experience working within fast-paced operational environments with multiple competing priorities and escalations
Required Skills
Strong leadership and team management capabilities within operational or technical environments
Strong customer-facing communication and relationship management skills
Solid understanding of networking, security operations, and incident response principles
Ability to effectively coordinate and manage high-severity incidents and operational escalations
Strong analytical, troubleshooting, and decision-making skills
Ability to improve operational processes, workflows, documentation, and service quality
Excellent written communication, reporting, and documentation skills
Ability to collaborate effectively across technical, operational, and leadership teams
Strong organizational skills with the ability to manage multiple priorities simultaneously
Strong coaching, mentoring, and employee development capabilities
Ability to work independently while also driving team accountability and collaboration
Strong attention to detail and commitment to operational excellence and customer satisfaction
Strong desire to continuously learn, improve, and adapt within evolving cybersecurity environments
Required Qualifications and Certifications
Experience with security operations platforms and technologies including SIEM, endpoint protection, IDS/IPS, firewalls, and monitoring solutions
Knowledge of Windows and Linux operating systems and administrative functions
Knowledge of networking, security operations, and operational escalation management
Bachelor’s degree in Information Technology, Cybersecurity, Engineering, or a related field preferred
Relevant cybersecurity, security operations, networking, or incident response certifications preferred
Valid driver’s license and reliable transportation required where applicable
Willingness and ability to participate in on-call escalations and occasional travel as needed
Additional Information
Compensation
The annual salary for this role starts at $115,000.
KPIs / Metrics
MDR operational coverage and scheduling effectiveness
Incident response coordination and escalation management effectiveness
Alert review quality and response timeliness
Team performance, coaching, and employee development outcomes
Customer satisfaction and operational service quality
Accuracy and effectiveness of operational reporting and metrics
Operational process improvement and workflow optimization initiatives
Ticket quality, documentation accuracy, and escalation handling
Security platform operational health and monitoring effectiveness
Cross-functional collaboration and operational support effectiveness
Information Security & Data Privacy Responsibility
All employees are responsible for adhering to company Information Security and Privacy Policies and ensuring that all applicable procedures are consistently followed. This includes safeguarding client and company data to maintain its security, availability, and confidentiality, and upholding all legal and regulatory obligations related to data protection. Employees are expected to perform their duties in a manner that prevents security breaches or incidents that compromise business operations, client data, or the company’s financial and operational standing.
Why Join Us
This is an exciting time to join RedHelm as we continue to grow and innovate as a full-stack technology partner. Our integrated approach to offensive security, defensive operations, and IT services creates opportunities to work on complex challenges that directly impact the organizations we serve. As we expand our capabilities and footprint, our team members play a meaningful role in shaping what comes next.
We are equally committed to investing in our people. We believe in a culture where we care about individuals not just for their professional ambitions, but for their personal goals as well. We recognize that work is part of a larger purpose in each person’s life, and that philosophy drives how we support growth, flexibility, and long-term development across our organization.
We offer a comprehensive and competitive benefits package designed to support both career progression and personal wellbeing, including medical, dental, and vision coverage, a 401(k) program, paid time off, floating holidays, and paid holidays. More importantly, we provide an environment where you can build meaningful expertise, contribute to forward-thinking solutions, and grow alongside a company that is actively shaping its future.