×
Register Here to Apply for Jobs or Post Jobs. X

Director, Cyber Defense

Job in Richmond, Henrico County, Virginia, 23214, USA
Listing for: Kyndryl
Full Time position
Listed on 2026-07-18
Job specializations:
  • IT/Tech
    Cybersecurity, Security Management & Operations
Salary/Wage Range or Industry Benchmark: 200800 - 375600 USD Yearly USD 200800.00 375600.00 YEAR
Job Description & How to Apply Below

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

The Director, Cyber Defense, leads Kyndryl's operational defense mission across a globally distributed security organization. This role reports to the Vice President and Deputy CISO, Cyber Operations.

You will own the full incident response lifecycle, run follow-the-sun security operations across AMER, EMEA, and APAC, direct the cyber threat intelligence program, and drive the conversion of that intelligence into the detection coverage and defensive architecture that protect Kyndryl's global enterprise estate. You will set the engineering discipline that keeps detection content tested, version-controlled, and continuously validated against the adversary.

During major security incidents, you will exercise cross-functional coordination authority to drive rapid, disciplined response. The window between vulnerability and exploit is compressing as adversaries adopt AI-accelerated tooling. This role exists to keep Kyndryl's defense ahead of that curve.

What You’ll Do:
  • Lead 24/7 global security operations through a follow-the-sun model spanning AMER, EMEA, and APAC regions.
  • Own the full incident response lifecycle, triage through post-incident review, with forensic preservation standards maintained throughout.
  • Coordinate with the Incident Commander function with clear escalation authorities, runbooks, and cross-functional coordination protocols for cybersecurity incidents.
  • Direct the Cyber Threat Intelligence program and own the intelligence-to-defense loop: convert prioritized adversary intelligence into detection requirements, control coverage decisions, and changes to the defensive architecture.
  • Govern ATT&CK-aligned detection coverage on measured efficacy, and stand up continuous validation through adversary emulation and detection testing to prove that intelligence-driven defenses fire against the techniques they target.
  • Set detection-as-code discipline across the detection lifecycle: version-controlled content, release rigor, automated testing, and telemetry quality standards, executed jointly with the SIEM, SOAR, & Agent Development team that owns the underlying pipeline and platform.
  • Drive operational measurement toward compressing the defender’s detect-decide-act cycle against AI-accelerated adversaries, not raw response speed alone.
  • Coordinate with Vulnerability Management on remediation prioritization and exploitability-informed sequencing. This role does not own the vulnerability management function.
  • Collaborate with the AI-Driven Cyber Defense team to integrate automation and ML into defensive operations.
  • Build and develop a globally diverse team, investing in their growth across technical, analytical, and leadership competencies.
What You Bring:
  • Proven ability to lead security operations and incident response at enterprise scale, with the composure and decision quality to perform under pressure.
  • Strong command of threat-informed defense: translating intelligence into detection coverage and architecture decisions, anchored in MITRE ATT&CK, with kill chain analysis as a supporting lens for mapping attacker progression.
  • Working command of detection engineering practice: detection-as-code, content lifecycle management, and validation discipline, partnering with platform engineering rather than operating in isolation from it.
  • Strong command of incident response methodologies and escalation processes.
  • A leadership style that builds operational discipline without stifling initiative. You want your team thinking, not just executing.
  • Experience running geographically distributed teams with the cultural awareness that global operations demand.
  • The ability to communicate effectively with technical teams and executive leadership alike.

Kyndryl currently does not require employees to be fully vaccinated against COVID-19, however, if you are hired to work at a client, customer, or partner location, you may be required to show proof of vaccination to align with their respective COVID-19 vaccination policies. Those who believe they are eligible may apply for a medical or religious accommodation prior to the start of employment.

Who

You Are Requirements:
  • 12+ years in cybersecurity operations, incident response, threat intelligence, or SOC leadership, with at least 5 years in a senior leadership role over a globally distributed team.
  • Demonstrated track record leading a cyber defense or security operations program at comparable scale and complexity, defending a hybrid or multi-cloud enterprise estate.
  • Experience operationalizing threat intelligence into detection coverage and defensive architecture, with familiarity in detection engineering and continuous validation practice.
  • Dedication to…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary