Posted 3 hours ago
Manager, Security Operations
at Figma
San Francisco, United States
On-site
Responsibilities
- Own Figma's security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement
- Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling
- Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity
- Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments
- Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps
- Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs
- Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction
Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world.
In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.
Requirements
We'd love to hear from you if you have:
- 7+ years of experience in security operations, incident response, or a related security engineering function
- Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms
- Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment
- Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements