Security Operations Manager (L7) - 100% remote

Role Overview

The Security Operations Manager is a hands-on leader responsible for ensuring Apollo’s ability to detect, investigate, respond to, and recover from security incidents effectively and at scale. This role blends strong people leadership, cross-functional collaboration, and deep technical expertise in modern security operations. The Manager is expected to lead by example, remain technically engaged, and actively contribute to investigations and high-severity incidents.

This role operates in a fully remote environment and requires excellent asynchronous communication and collaboration skills.

Key Responsibilities

Operational Leadership & Incident Response

• Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
• Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
• Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
• Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.

Detection, SIEM & Automation Strategy

• Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
• Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
• Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
• Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.

People Leadership, Culture & Growth

• Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
• Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
• Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
• Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
• Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.

Cross-Functional Collaboration

• Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
• Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
• Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.

Metrics, Reporting & Strategy

• Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
• Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
• Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment.

• Base salary + 8-12% yearly bonus + equity
• Contract of employment (Polish UoP)
• 100% remote work (we don’t have offices and we don’t plan to have them) - no hybrid, no forcing people to get back to the offices
• Allianz Medical Package and Warta Life Insurance covered by Apollo
• 1200 USD educational budget per year
• 300 USD Work From Home Stipend
• 4 additional PTO days for Engineering (Rest Days)
• 100% remote work and flexible working hours

Benefits

• private medical care
• sharing the costs of professional training & courses
• life insurance
• remote work opportunities
• flexible working time
• integration events
• dental care
• extra leave

Development opportunities we offer

• development budget
• industry-specific e-learning platforms
• intracompany training
• technical knowledge exchange within the company

We are AI Native

Apollo.io is an AI-native company built on a culture of continuous improvement. We’re on the front lines of driving productivity for our customers—and we expect the same mindset from our team. If you're energized by finding smarter, faster ways to get things done using AI and automation, you'll thrive here.

What You’ll Love About Apollo

Besides the great compensation package and culture that thrives in openness and excellence, we invest tremendous effort into developing our remote employees’ careers. The team embraces that we have a sole purpose: to help customers maximize their full revenue potential on the Apollo platform. This mindset opens us up to a lot of creative approaches to making customers successful at scale. You’ll be a significant part of a lean, remote team, empowered to really own your role as a proactive educator. We’re very collaborative at Apollo, so you’ll be able to lean on your teammates, even in adjacent departments, to help you achieve lofty goals. You’ll be supported and encouraged to experiment and take educated risks that lead to big wins. And, you’ll have a whole team remotely by your side to help you do it!

Required Skills & Experience

(We expect strong candidates to meet most of these requirements; seniority may be calibrated based on demonstrated scope and impact.)

• 7+ years of experience in Security Operations, Incident Response, or Security Engineering.
• 2+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
• Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
• Experience designing and automating security workflows and response processes.
• Experience with cloud-native platforms (GCP preferred; AWS and Azure also relevant) and SaaS applications.
• Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a plus.
• Excellent written and verbal communication, leadership, and stakeholder management skills.

Preferred Qualifications

• Experience using AI or ML-assisted security tooling for detection, investigation, or response.
• Familiarity with vulnerability management programs, SLAs, and remediation workflows.
• Relevant certifications such as CISSP, GCIA, GCIH, GCED, or Google Professional Cloud Security Engineer / AWS Security Specialty.