Corporate Security Manager

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $320m+ from top-tier investors, including Battery Ventures, General Catalyst, Sapphire Ventures, Insight Partners, and Human Capital, and today, Onebrief is valued at $2.15B. With this continued growth, Onebrief is able to make an impact where it matters most.

We’re hiring a Corporate Security Manager to lead our Corporate Security Engineering and Security Operations functions. This role is responsible for strengthening the security posture of our Corporate IT environment and commercial infrastructure.

Reporting to the Director of Corporate IT & Security, you will partner closely with Corporate IT, GRC, Engineering, and application owners to ensure systems are securely configured, continuously monitored, and aligned to regulatory frameworks such as CMMC 2.0 and NIST 800-53.

This role combines technical security leadership with program ownership across configuration standards, vulnerability management, SaaS security governance, monitoring strategy, and detection engineering. You’ll lead a team of engineers and analysts while driving improvements in automation, monitoring coverage, and operational maturity.

Our goal is a corporate environment that is:

• Secure by default

• Continuously monitored with high-quality signal

• Resilient to configuration drift

• Audit-ready with defensible evidence

You are an experienced security leader who understands that strong enterprise security comes from enforceable baselines, high-quality monitoring, and thoughtful automation.

You’ve led technical security teams and know how to create clarity around ownership, detection coverage, configuration standards, and measurable outcomes. You’re comfortable improving processes, reviewing architectures, and making risk-based decisions about security controls.

You think holistically about enterprise security—understanding how endpoint security, identity, SaaS configuration, vulnerability management, and monitoring work together to support a resilient security program.

You value structure, accountability, and continuous improvement, and you ensure security operations and engineering outputs remain reliable, measurable, and audit-ready.

• Own the strategy and maturity roadmap for corporate security engineering and operations. Define standards for configuration baselines, logging and telemetry, detection coverage, vulnerability remediation, and security automation.

• Manage and develop System Security Engineers and Security Operations Analysts. Provide coaching, remove blockers, and focus the team on high-impact risk reduction.

• Strengthen configuration enforcement, vulnerability remediation, monitoring quality, and detection coverage across endpoints, identity systems, SaaS platforms, and enterprise infrastructure.

• Collaborate with IT, Engineering, Security, and Compliance teams to ensure systems are deployed securely, monitoring supports operational risk management, and security controls align with regulatory commitments.

• Establish consistent processes for monitoring reviews, vulnerability remediation tracking, detection improvements, incident support, and audit evidence management.

• 7–10+ years of experience in security engineering, security operations, or enterprise security architecture

• 2+ years leading technical security teams

• Experience with SIEM, EDR, and enterprise monitoring platforms

• Experience implementing security configuration baselines aligned with frameworks such as NIST 800-53, CMMC 2.0, or DISA STIGs

• Experience overseeing vulnerability management programs and remediation SLAs

• Strong understanding of enterprise logging across endpoints, identity providers, SaaS platforms, and cloud systems

• Strong understanding of API connections and workflow automations

• Experience with endpoint security tooling (e.g., MDM platforms, browser management, secure web gateways)

• Experience defining and reporting security operations metrics (e.g., MTTD, MTTR, detection coverage)

• Ability to translate regulatory requirements into enforceable technical controls

• Strong collaboration and communication skills with the ability to present clear security insights to leadership

Notice to Third Party Recruitment Agencies
Please note that Onebrief does not accept unsolicited resumes from recruiters or employment agencies. In the absence of an executed Recruitment Services Agreement, there will be no obligation to any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without an agreement Onebrief explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of Onebrief.