Security Operations Manager
Modular Services
Job Overview
Job Description
About Modular Services
Our Cybersecurity Practice at Modular Services is scaling. We operate a 24×7 Security Operations Centre supporting international law firms and global consultancy businesses, with a rapidly growing client pipeline. We are Europe’s largest business services provider dedicated to the legal sector. From our delivery centres in Iași, Bucharest, and Bacău, we support international law firms across the globe. We operate an Offensive SOC, actively challenging our clients’ defences. The model runs a continuous feedback loop: Threat Intelligence → Hypothesis → Hunt → Validate → Remediate → Automate.
Security Operations Manager
As a Security Operations Manager at Modular Services, you will be the technical operations lead for our cutting-edge Cybersecurity Practice.
About you
You have experience in building security teams and running security operations services. You understand how a SOC should function at a strategic and operational level: how to set up security incident response plans, design SIEM/SOAR/EDR architecture, define Security Compliance Posture, and develop the team supporting all SOC activities. This role is equal parts technical authority and operational manager. You’re the escalation point when things get complex, the person who shapes how we deliver security services, and a key voice in presales and client engagements.
Our ideal candidate has
- 6–8+ years in cybersecurity operations, with at least 2 years in a SOC leadership or senior technical role
- Proven track record of designing and implementing incident response methodologies
- Deep technical expertise and implementation experience with core security technologies including SIEM/SOAR platforms (Sentinel, Splunk), EDR/XDR, network security and threat intelligence tools
- Mastery of the technical implementations behind security controls: you know what needs to be built, configured, and maintained to make a compliance framework actually work
- High-level understanding of compliance frameworks (ISO 27001, NIST, GDPR, NIS2, DORA)
- Experience presenting to senior management and client stakeholders, translating technical findings into clear, actionable recommendations
- Presales and client engagement experience: scoping security services, supporting proposals, and shaping delivery models
- Track record of mentoring analysts and senior engineers: running regular 1:1s and post-incident reviews with a focus on investigation quality, coaching on methodologies, and raising the technical bar across the team
- Ownership of cross-functional projects, audit preparation, and KPI framework design
- Professional cybersecurity certifications such as GIAC (GCIH, GCFA), CISSP, OSCP
- Experience with scripting or automation (e.g., KQL, Python, PowerShell) to improve efficiency
- Experience working in a Managed Security Service Provider (MSSP) environment with security orchestration, automation, and response (SOAR) platforms
- Previous experience with raw log file review, data correlation, and analysis, as well as with network security tools, network traffic analysers, firewall logs, network flows, intrusion detection systems, system logs, memory dumps, vulnerability management, SOAR platforms, and SIEM, especially Elastic SIEM, as well as other enterprise or open-source equivalents
- Previous experience in malware investigations, incident response, and threat hunting
You will
- Lead the strategic and operational direction, design, and continuous improvement of the SOC function
- Act as the architect of SOC capabilities: detection infrastructure, escalation frameworks, tooling architecture, and security monitoring strategy
- Supervise high-severity incidents (P1/P2), providing executive guidance, approving escalation decisions, and ensuring risk-aligned response
- Act as the team’s primary escalation point, from both a technical and an operational point of view, when incidents or client situations require senior judgement
- Ensure SOC adherence to policies, SLAs, and regulatory obligations (ISO 27001, NIST, GDPR), with governance over incident response workflows
- Lead internal and external security projects: technology onboarding, service expansions, client integrations, architecture changes
- Represent the SOC during senior management meetings, steering committees, audits, and client reviews, providing clarity on operational posture, risk, and roadmap
- Approve root cause analyses and long-term remediation plans for major incidents, validating impact assessments against enterprise security posture
- Own the SOC KPI and metrics framework (MTTR, MTTP, detection efficiency, alert fidelity) using trend data to identify gaps and drive operational maturity
- Define the SOC roadmap: capability development (threat hunting, automation, threat intel integration), staffing models, and technical priorities
- Collaborate with technical and legal teams to embed security monitoring in enterprise-wide initiatives
- Support presales and client engagements: scope security services, shape delivery models, and provide technical input for proposals
- Provide technical direction on tooling decisions and platform architecture, working with procurement and delivery teams on vendor evaluations
- Lead SOC readiness for internal and external audits, ensuring controls are documented, enforced, and evidenced
- Drive a culture of accountability, technical excellence, and continuous learning across the team
- Stay current with emerging threats, detection frameworks (MITRE ATT&CK, D3FEND), and security trends to keep the SOC proactive and adaptive
- Assign and oversee special initiatives across the SOC as part of continuous service improvement, risk mitigation, and detection expansion
What You Get
- Technical ownership of the SOC function across a growing portfolio of international clients
- Direct involvement in presales and client engagements, shaping how we deliver security services
- An influential role: you’ll shape detection strategy, tooling decisions, and team development
- Certification and training budget, access to Pluralsight and Microsoft Learning
- A growing practice with the scope to shape its direction
- A team that works together, supports each other, and is dedicated to learning and growing together
We’re building a modern security practice adapted to the rapid evolution of a VUCA world. If you like technical puzzles, enjoy solving real-world problems, and thrive on handling critical situations, that’s the kind of team you want to be part of. We’d like to hear from you.
Key skills/competency
- Security Operations Centre (SOC) Leadership
- Incident Response Management
- SIEM/SOAR Architecture
- Threat Hunting
- Cybersecurity Compliance
- Client Engagement
- Team Development & Mentoring
- Security Project Management
- Detection Engineering
- Automation & Scripting
How to Get Hired at Modular Services
- Research Modular Services' culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume for SOC leadership: Emphasize your track record in designing incident response, managing security operations, and technical authority.
- Highlight client engagement expertise: Showcase experience in presales, scoping security services, and presenting technical findings to stakeholders.
- Demonstrate compliance framework mastery: Detail your understanding and implementation experience with ISO 27001, NIST, GDPR, NIS2, and DORA.
- Prepare for technical architecture discussions: Be ready to discuss SIEM/SOAR/EDR design, detection infrastructure, and security monitoring strategies.