Security Operations Manager

Neptune Technology Group Inc. is a technology company serving water utilities across North America. Since 1892, we have continually focused on the evolving needs of water utilities – revenue optimization, operational efficiencies, and improved customer service. With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers – so they can remain focused on the business of water.

For additional information, please visit the company website at

Neptune is maturing a 24×7 cybersecurity program across a hybrid environment (on-prem, cloud, SaaS). We need a proactive leader to own Incident Response and SOC operations
, manage SIEM performance, and ensure timely reporting to our parent company. This role is critical for reducing MTTD/MTTR, strengthening detection capabilities, and driving audit readiness.

• Lead the full IR lifecycle: detection, triage (L2–L3), containment, eradication, recovery, and post-mortems
• Coordinate forensic investigations and run tabletop, blue/red/purple team exercises
• Maintain and execute documented playbooks for rapid response
• Oversee 24×7 alerting and escalation model with MSSP and internal teams
• Implement anomaly detection and access monitoring across endpoints, networks, and cloud

• Manage SIEM (Google Sec Ops/Chronicle) including detection engineering, log health, and tuning
• Develop repeatable SOAR playbooks and automation workflows

• Ensure robust IAM lifecycle processes and enforce least privilege principles
• Integrate anomaly detection for identity-related threats
• Incorporate threat intelligence feeds into detection and response workflows
• Conduct threat modeling exercises to anticipate and mitigate risks

• Drive automation for repetitive tasks and incident workflows
  
  Optimize orchestration between SIEM, EDR, and SOAR platforms

• Own the incident reporting process to Neptune’s parent company
• Deliver actionable metrics on detection, response, and operational performance
• Partner with engineering to embed secure-by-design principles
• Implement zero trust segmentation and hardening based on incident learnings

• SIEM/Sec Ops: e.g. Google Sec Ops (Chronicle)
• EDR & Identity: e.g. Crowd Strike, Microsoft AD/Entra
• Network Security: e.g. Forti Gate NGFW, FortiSASE
• Secure Browsing: e.g. Prisma
• Patching & Config: e.g. Automox
• Secrets Management: e.g. Keeper
• Email & Data Security: e.g. Mimecast, Microsoft Purview

• 5+ years in Security Operations, including 3+ years leading IR/Sec Ops teams
• Hands-on experience with incident response, SIEM management, and threat hunting
• Strong understanding of NIST, ISO, SOC 2, MITRE ATT&CK, and zero trust principles
• Excellent communicator with experience in cross-functional coordination and executive reporting

• CISSP or equivalent certification
• Cloud security experience (AWS, Azure, GCP)
• Audit and compliance experience (SOC 2, SOX, etc.)

Typically requires overnight travel less than 10% of the time.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.

For further information, please review the Know Your Rights notice from the Department of Labor.