Sr. Manager, Security Operations & Incident Response


Position Purpose: 

This role will play a key role in shaping and maturing Sleep Number’s security operations, threat detection and incident response strategy and operations by leading the Security Operations and Incident Response teams within Sleep Number’s Information Security organization.  The successful candidate will possess a high level of communication and relationship-building acumen (all audiences, including executives and non-technical stakeholders), a strong technical background, deep field-relevant experience with and a track record of successfully leading, engaging, and developing high-performing teams.

Primary Responsibilities:

  • Work directly for the Sr. Director of Information Security to help progress and execute information security strategy, goals, and business priorities.
  • Provide strategic direction and direct oversight for a team of analysts and engineers with varying levels of experience and skillsets.  Conduct regular check-ins with team members and conduct annual reviews for all direct reports and provide feedback to other teammates as needed.
  • Drive prioritization and ownership within the team, make thoughtful recommendations to leadership for improvements and when required, make well-crafted pitches for resources and/or team structure changes.
  • Provide regular coaching and feedback to ensure the team maintains a high level of productivity, quality, and engagement.
  • Establish and advance a proactive threat hunting and attack simulation capability.
  • Communicate threat trend and pattern findings to the appropriate stakeholders, adjusting to a wide array of audiences when needed (technical teams, non-tech personnel, executives, audit committee).
  • Ensure team members are growing developmentally, keeping skillsets current, and can flex and pivot to address changes in the threat landscape.
  • Partner with peer leaders (GRC, Engineering & Security Architecture) across security in executing Information Security priorities and key metrics.  Lend support to peer teams when warranted.
  • Create a strategy for internal communications and escalations from customer service, business partners and within the IT team in partnership with Legal, Public Relations and other stakeholders.
  • Collaborate with cross functional leaders in IT, legal, retail, customer relations, various product teams, marketing, customer support to garner support for improvements to processes, workflows, and tooling.
  • Build and foster collaboration and credibility with business partners to advance SOC insights (e.g., onboarding logs, alerts from decentralized teams and cloud instances) and identify synergies with other teams.
  • Lead the strategy and execution of event, incident response and post-mortem analysis in partnership with legal, internal audit and other partners.  This may result in required work outside of normal business hours.
  • Capture and present meaningful monthly and on-demand metrics to leadership and other stakeholders.  Advance metrics capability and scope.
  • Continually assess new capabilities in the market and optimize existing toolsets, drive renewals and identity efficiencies through processes and technology, including synergies with teams outside the security team (e.g., networking, ecommerce).
  • Supervise the production of high-quality detailed documentation and playbooks for internal and external audiences while protecting sensitive or confidential information.

Key Performance Indicators:

  • Advance the maturity of the Security Operations and Incident response capability through leadership, peer influence, strategic planning, and measured execution
  • Optimize existing toolsets, identify, and drive improvements to alert/event management
  • Establish a proactive threat hunting capability
  • Expand security operations and incident response metrics capture and reporting
  • Lead team to achieve team goals on time while fostering an environment of continuous learning, high engagement and champion diversity, inclusion, and respecting individuality of all team members
  • Capture, manage and present meaningful security investment ROI and security posture metrics to executive audiences including the Audit Committee on a regular basis

Position Requirements: 

  • Advanced Degree in Cybersecurity, Computer Science, or related discipline, or equivalent practical experience.
  • CISSP Certification (exceeding years of confirmed experience can circumvent this requirement).  Non-CISSP-certified candidates would be expected to pursue CISSP certification as part of developmental expectations within one year of start date.
  • 7+ years in one or more of the following areas or combination thereof: cyber threat intelligence, intelligence analysis and correlation, intelligence collection, incident response.
  • 7+ years leadership/management of cyber threat intelligence and incident response teams.
  • 3+ years of strategic and technical experience with Splunk or equivalent platforms.
  • 3+ years of technical leadership/management of teams or similar levels of experience.

Knowledge, Skills & Abilities:

  • Proven experience and knowledge in the MITRE ATT&CK framework.
  • Instinctively and proactively follows multiple, trusted threat feeds from various sources and can quickly gauge their relevance and impact to the organization.
  • High degree of familiarity with Agile, SecDevOps practices and how the CI/CD pipeline works with security operations functions.
  • In-depth knowledge of threat intelligence investigations and the tools/technologies that support it.
  • In-depth knowledge of the threat intelligence and security operations technology and MSSP market.
  • Exceptional written and verbal communication skills using a variety of communication channels.
  • Consistent and appropriate sense of urgency combined with proper discretion in resolving issues.
  • Proven record as a problem solver in complex, rapid-paced and often ambiguous situations.

Working Conditions (if applicable):

  • Ability to work extended or non-traditional hours on occasion to support emergency situations.
  • Ability to travel up to 10%


Job ID R12310
Sophia, Customer Service Representative

“Sleep is integral to a happy healthy lifestyle and it has such a huge impact on everyday life. Sleep Number is a unique company to work for because you’re truly helping people.”

Sophia, Customer Service Representative

Job Alerts

Be the first to know about events, exclusive updates and get the job info that matches what you’re looking for. Simply type to search for a job category or location – and then click “ADD.” You can even add multiple categories and locations. Press “SIGN UP” and your job alerts will be on their way.


  • Information Technology, Minneapolis, Minnesota, United StatesRemove