
Full Time Job

Director, Detection & Response

Playstation

Remote / Virtual
  • Paid
  • Full Time
  • Executive (10+ years) Experience
Job Description
PlayStation isn't just the Best Place to Play - it's also the Best Place to Work. Today, we're recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.
PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.
The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.
The Director of Detection and Response is a senior cybersecurity leader responsible for security monitoring, threat detection, incident response, and threat hunting across the organization. This role oversees the Security Operations Center (SOC) and the Security Incident Response Team (SIRT/DFIR), ensuring 24/7 global coverage to rapidly detect and respond to cybersecurity incidents. The Director combines deep technical expertise in cybersecurity with strategic leadership skills to protect the company's systems and data. They will drive the team's strategy, implement protective measures, and continuously improve processes in line with the evolving threat landscape and industry best practices. This position requires close collaboration with other teams, as well as engagement with executive leadership, to communicate security posture and integrate incident response into business operations.
The ideal candidate is hands-on, stays up to date on emerging threats, and can effectively balance technical incident management with high-level strategy and team leadership. This role has a global scope, leads distributed teams, and ensures the team's readiness to detect and respond to incidents across on-premises and cloud environments.

Key Responsibilities
• Strategic Leadership: Define, refine, and implement a comprehensive detection and incident response strategy aligned with the organization's risk tolerance, business objectives, and regulatory requirements. Provide clear vision, direction, and priorities for the Detection & Response function, and set performance metrics to measure success.
• SOC & Incident Response Oversight: Lead 24/7 global operations for continuous monitoring and rapid response to security events. Ensure effective triage, investigation, and containment of incidents, expanding coverage to meet the needs of a complex, growing environment.
• Incident Commander: Serve as the primary incident commander during major cybersecurity incidents, coordinating cross-functional teams to contain and eradicate threats. Oversee all phases of incident handling – from detection and analysis to containment, remediation, and recovery – and lead post-incident reviews to drive improvements.
• Threat Detection & Engineering: Drive the development of advanced threat detection capabilities and detection engineering efforts. Oversee the creation of high-fidelity detection logic, use cases, alerts, and automated workflows to quickly identify malicious activities. Evaluate, implement, and tune threat detection platforms and tools (SIEM, EDR, IDS/IPS, XDR) for optimal performance and minimal false positives. Integrate detection systems with automation/SOAR solutions to enable rapid, coordinated response actions.
• Proactive Threat Hunting: Lead activities to uncover hidden threats in the environment and address gaps in visibility. Work closely with the Cyber Threat Intelligence team to disseminate threat intelligence and inform protective measures. Ensure that hunting findings are fed back into detection content and preventive controls.
• Security Orchestration & Automation: Champion the use of SOAR and automation to improve efficiency and consistency in response workflows. Leverage scripting, playbooks, and security automation tools to automate repetitive tasks, enrich alerts, and reduce response times, allowing the team to focus on high-value investigations.
• Architecture & Visibility: Work with security architects and engineers to design and maintain security monitoring architecture that provides comprehensive visibility into networks, systems, applications, and cloud infrastructure. Ensure that logging, alerting, and monitoring configurations meet detection requirements across on-premises and multi-cloud (AWS, Azure, GCP) environments.
• Policy Compliance & Reporting: Ensure that incident response and security operations processes comply with relevant standards and regulations. Enforce operational security policies and standard operating procedures. Provide regular reports and dashboards on SOC performance, incident metrics, and program maturity to demonstrate value and accountability to executive leadership and auditors.
• Cross-Functional Collaboration: Collaborate with other Information Security teams, IT and Engineering teams, and business units to strengthen overall security posture. Partner with product and development teams to incorporate security monitoring early in the system development lifecycle. Work with legal, HR and corporate communications as needed.
• Bug Bounty and Vulnerability Intake: Oversee the organization's bug bounty program and vulnerability disclosure process. Work with internal teams to validate and remediate reported vulnerabilities, and use insights from the bug bounty to enhance defenses and detection capabilities.
• Team Leadership and Development: Provide leadership, mentorship, and technical guidance to the SOC and SIRT teams. Mentor and grow a high-performing team of security analysts, incident responders, and engineers. Foster a culture of continuous learning, collaboration, and innovation. Ensure continuous training and skill development for staff to keep pace with evolving threats and technologies. Promote a culture of psychological safety and inclusivity so team members can perform at their best.
• Continuous Improvement: Stay connected with the evolving threat landscape and emerging cybersecurity best practices. Continuously evaluate and improve processes, tools, and playbooks to enhance the organization's cyber defense capabilities. Drive post-incident lessons learned into improvements in detection and response. Innovate and bring thought leadership in areas like cloud-native security, AI/ML for security, and resilience planning to keep the program ahead of attackers.

Required Skills and Experience
• Extensive Security Experience: 10+ years of experience in cybersecurity, with significant focus on security operations, threat detection, and incident response in large-scale or highly targeted environments. At least 5 years in a leadership role managing global or distributed security teams and operations. Proven track record of building and scaling security programs and teams.
• Technical Expertise: Prior hands-on experience in security operations and incident response is a must. Deep knowledge of cybersecurity tools and technologies across multiple domains – including SIEM, EDR/XDR, network security, endpoint protection, identity and access management, data loss prevention, and forensic analysis. Experience with digital forensics (host and network), malware analysis, and threat analysis procedures.
• Threat Detection & Engineering: Demonstrated experience with detection engineering – creating detecti


Jobcode: Reference SBJ-j62e31-216-73-216-60-42 in your application.

Company Profile
Playstation

Recognized as a global leader in interactive and digital entertainment, Sony Interactive Entertainment (SIE) is responsible for the PlayStation® brand and family of products and services.