Director Cybersecurity Jobs (NOW HIRING)

The ACLU seeks applicants for the full-time position of Director, Cyber Security Operations in the Administration & Finance Department of the ACLU's National office in New York, NY, or Washington, DC. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.

The ACLU's Information Security Department works to protect the confidentiality, integrity, and availability of the ACLU's digital systems, data, and communications. We collaborate across departments and affiliates to defend against cybersecurity threats, implement cutting-edge security technologies, and foster a culture of security awareness. Our mission is to ensure that the ACLU can continue its critical work safeguarding rights and liberties, without compromise, in an increasingly complex and hostile digital landscape.

Reporting to the Chief Information Security Officer, the Director, Cyber Security Operations will be responsible to lead and evolve the ACLU's operational security capabilities. This role is responsible not just for running day-to-day security operations, but for building a mature, intelligence-driven detection and response program grounded in adversary tradecraft and real-world attack paths.

You will lead a small, high-impact team and own SOC operations, detection engineering, threat hunting, digital forensics, and incident response. This role is expected to operate at both a strategic and hands-on level — shaping detection strategy, guiding investigations, and ensuring the organization can rapidly detect, respond to, and recover from sophisticated threats.

• Lead and mature SOC operations with a focus on high-fidelity detection, signal-to-noise optimization, and measurable detection coverage.
• Own and evolve the detection engineering program, including development of detections mapped to adversary behaviors (e.g., MITRE ATT&CK), continuous tuning, and validation through adversarial testing.
• Establish and lead a proactive threat hunting program focused on identifying unknown threats, attacker dwell time, and control gaps across identity, endpoint, cloud, and SaaS environments.
• Direct incident response and digital forensics efforts, including hands-on leadership during high-severity incidents, root cause analysis, and post-incident improvement.
• Integrate cyber threat intelligence into detection and response workflows, ensuring intelligence is operationalized into actionable detections and hunt hypotheses.
• Develop, test, and continuously improve incident response playbooks, escalation paths, and decision frameworks.
• Lead tabletop exercises and adversary simulation activities to validate detection and response capabilities against realistic threat scenarios.
• Drive operational resilience initiatives, including business impact analysis, recovery planning, and coordination with crisis management stakeholders.
• Partner closely with identity, cloud, and application teams to close detection and response gaps, with a strong focus on identity as the primary attack surface.
• Coordinate with physical security and external incident response partners during complex incidents.
• Build, mentor, and scale a high-performing security operations team, fostering a culture of curiosity, rigor, and adversarial thinking.
• Report on detection coverage, incident trends, adversary activity, and response effectiveness to senior leadership.

• Be committed to advancing the mission of the ACLU
• Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
• Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts

• Significant experience in cyber security operations, detection engineering, threat hunting, or incident response; 10 or more years a strong plus
• Deep experience building and tuning detections across modern environments (endpoint, identity, cloud, SaaS), with an understanding of attacker techniques and evasion methods.
• Proven experience leading and executing complex incident response engagements, including forensics, containment, and recovery.
• Strong background in threat hunting methodologies, hypothesis-driven investigations, and identifying unknown or emerging threats.
• Experience operationalizing threat intelligence into detections, hunts, and response actions.
• Familiarity with detection frameworks (e.g., MITRE ATT&CK) and measuring detection coverage and effectiveness.
• Ability to lead through ambiguity and make high-quality decisions during active security incidents.
• Strong communication skills, with the ability to translate technical risk into clear business impact.
• Experience mentoring and developing security practitioners.
• Relevant certifications (GCIA, GCIH, CISSP, GCFA, GNFA) preferred.
• Commitment to mission-driven security work.

The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $229,096 (Level C2), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting. For details on our pay structure, please visit: https://www.aclu.org/careers/ACLU_Geographic_Pay_Structure-July_2024.pdf

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it's ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being.

At the ACLU, we offer a broad range of benefits, which include:

• Time away to focus on the things that matter with a generous paid time-off policy
• Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
• Plan for your retirement with 401k plan and employer match
• We support employee growth and development through annual professional development funds, internal professional development programs and workshops

Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change.  We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we're in the courts or in the office, we believe 'We the People' means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email benefits.hrdept@aclu.org . If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.

The Department of Education has determined that employment in this position at the ACLU does not qualify for the Public Service Loan Forgiveness Program.