
Incident Response Manager (Security Operations Center)

Match Group · Vancouver, British Columbia · Hybrid · Active · CAD 170,000–CAD 190,000 / year · Lever

Job facts

Company: Match Group
Title: Incident Response Manager (Security Operations Center)
Normalized title: -
Department / team: Match Group / Security
Location: Vancouver, BC, Canada
Work model: Hybrid / Hybrid
Employment type: Full Time
Salary: CAD 170,000–CAD 190,000 / year
Status: active
ATS provider: Lever
Posted / first seen: 2026-04-09 / 2026-05-29
Changed / last seen: 2026-05-29 / 2026-06-06


Linked records

Company: Match Group
Source: cad27147-ba1a-4e3d-8008-1d5aa12d0cd7
ATS provider: Lever

Description

Why Match Group?

Our mission is simple – to help people find love and happiness! We love our employees too and understand the importance of all life's milestones. Here are some of the benefits we are proud to offer:

- Mind & Body – Medical, mental health, and wellness benefits to support your overall health and well-being
- Financial Wellness – Competitive compensation, 100% employer match on 401k contributions up to 10% (cap at $10,000), as well as an employee stock purchase program to help you feel supported in your financial security
- Unplug – Generous PTO and 14 paid holidays so you can unplug
- Career – Annual training allowance for professional development and ERG membership opportunities and events so you feel connected and empowered in your work
- Family – Families come in all shapes and sizes so we offer 20 weeks of 100% paid parental leave, fertility, adoption, and child care resources, as well as pet insurance and discounts
- Company Gatherings – We host company events where our employees get to know each other and build a sense of connection and belonging!

We are proud to be an equal opportunity employer and we value the rich dynamics that diversity brings to our company. We do not discriminate on the basis of race, religion, color, creed, national origin, ancestry, disability, marital status, age, sexual orientation, sex (including pregnancy and sexual harassment), gender identity or expression, uniformed service or veteran status, genetic information, or any other legally protected characteristic. Period.

If you require a reasonable accommodation to participate in the hiring process — such as during pre-employment testing or interviews — please indicate this by selecting “Yes” in the accommodation request field. We’ll reach out to discuss your needs if you're selected for the interview stage.

#MG

About the Role

As the Manager, IR / SOC, you will lead the integrated team responsible for Detection Engineering, Security Operations Center (SOC), and Incident Response (IR) across Match Group. Reporting to the Sr. Director of Security Engineering, you will drive the strategic vision of maximizing rapid and accurate threat response capabilities by integrating these three core functions and leveraging AI-driven innovation.

You will own the detection lifecycle end-to-end — from signal engineering and alert tuning through triage, investigation, and incident resolution — while building toward an AI-augmented SOC model that reduces noise, accelerates response, and scales across a global portfolio.

What You'll Do

- Lead and develop a high-performing team of SOC analysts, detection engineers, and incident responders operating across multiple time zones with 24/7 coverage
- Play a key role in developing the detection engineering framework, contributing to detections-as-code (DaC) via GitOps/CI/CD pipelines for consistency and automated deployment
- Drive AI Agentic SOC adoption — evaluate, select, and implement AI-driven triage and investigation tooling to maximize SOC efficiency, reduce false positives, and accelerate initial response speed
- Manage the full incident lifecycle — from detection through containment, eradication, recovery, and lessons learned — partnering with Legal, Communications, Privacy, and Engineering teams
- Build and refine detection content across the SIEM platform, integrating log sources across all MG brands (Tinder, Hinge, Match, E&E, HPCNT, Eureka, and New Bets)
- Establish and track SOC metrics and SLAs, creating dashboards to visualize performance, alert fidelity, and response effectiveness
- Coordinate and execute IR tabletop exercises (technical and management-level) across brands to validate readiness and improve playbooks
- Partner with the Red Team to validate detection capabilities through adversary simulation and assumed-compromise testing
- Collaborate with Platform Security, InfraSec, and AppSec teams to identify and close detection gaps across cloud-native and hybrid environments (AWS, GCP), datacenter infrastructure, endpoints (CrowdStrike), identity (Okta), SaaS, and application layers
- Integrate threat intelligence into detection and response workflows to anticipate and proactively defend against emerging threats
- Use automation to improve detection and response times and mitigate incident impact

What You'll Bring

- 5+ years of experience in security operations, incident response, detection engineering, or threat hunting, with 2+ years in a team leadership or management role
- Proven experience building and operating a modern SOC in cloud-native and hybrid environments (AWS, GCP) and datacenter infrastructure
- Hands-on experience with SIEM platforms and SOAR tools — including detection-as-code methodologies
- Strong understanding of AI/ML applications in security operations — agentic SOC, automated triage, and intelligent alert enrichment
- Experience managing the full incident lifecycle across complex, multi-brand or multi-tenant environments
- Deep knowledge of attacker TTPs (MITRE ATT&CK), endpoint and network forensics, and threat hunting techniques
- Experience with cloud security monitoring (AWS CloudTrail, GuardDuty, Security Hub, CloudWatch; GCP Security Command Center), datacenter security, and container orchestration security (Kubernetes)
- Familiarity with identity and access security monitoring (Okta, SSO, MFA events)
- Experience coordinating with external incident response teams, law enforcement, and cross-functional stakeholders during security events
- Polished verbal and written communication skills — ability to communicate clearly during high-pressure incidents and deliver thorough post-incident reports to technical and executive audiences
- Relevant certifications are a plus: GCIH, GCFA, GCIA, GSOM, CISSP, or equivalent

Nice to Have

- Experience with Python-based detections and log analysis in modern cloud-native SIEM platforms
- Background in the consumer internet/dating industry or other high-scale B2C platforms
- Familiarity with Cloudflare (WAF, Bot Management), CrowdStrike, and SaaS security monitoring (Obsidian or similar)
- Experience building or leading a Blue Team volunteer program or cross-functional security response team

Full job record

Job ID: ce30970b7ee93f5fae56f59c7f41514928012966
Org ID: ebc47b6a-8876-45bc-885d-50880fc283e3
Source ID: cad27147-ba1a-4e3d-8008-1d5aa12d0cd7
Board ID: cad27147-ba1a-4e3d-8008-1d5aa12d0cd7
Provider: lever
Provider Job Key: 95af35c5-a667-4ecd-8eaa-dc268e90438b
Title: Incident Response Manager (Security Operations Center)
Normalized Title:
Status: active
Active: yes
Location Text: Vancouver, British Columbia
Department: Match Group
Team: Security
Employment Type: Full-time
Workplace Type: hybrid
Remote Policy: hybrid
Country: Canada
Region: BC
City: Vancouver
Salary Raw: CAD 170000-190000 per-year-salary
Salary Min: 170,000
Salary Max: 190,000
Salary Currency: CAD
Salary Period: year
Source URL: https://jobs.lever.co/matchgroup/95af35c5-a667-4ecd-8eaa-dc268e90438b
Apply URL: https://jobs.lever.co/matchgroup/95af35c5-a667-4ecd-8eaa-dc268e90438b/apply
First Seen At: 2026-05-29 07:07:24Z
Last Seen At: 2026-06-06 07:57:18Z
Last Checked At: 2026-06-06 07:57:18Z
Last Changed At: 2026-05-29 07:07:24Z
Inactive At:
Source Posted At: 2026-04-09 23:19:21Z
Source Updated At:
Raw Payload Uri: s3://job-postings-prod-raw-590183727216/raw/provider=lever/board=matchgroup/date=2026-06-06/2026-06-06T07-57-18-335Z-65de7e1111abce3e5fa58d0d24422868cf0554552f33bc5b7b9a3ac9a42f4198.json
Event Fields
{
  "content_hash": "3229f5a9ab5c2f08d7e2959edcb817ae39f609f55b12d434196ae813f04831c2",
  "source_hash": "b51892ebe928b1ec51a899a8346bae196d28d6f967de30437f92f9a0ba414b37",
  "last_changed_at": "2026-05-29T07:07:24.833Z",
  "active_status": "active"
}
Parsed Structured
{
  "language": "en",
  "location": {
    "raw": "Vancouver, British Columbia",
    "city": "Vancouver",
    "region": "BC",
    "country": "Canada",
    "is_remote": false,
    "confidence": 0.85
  },
  "salary_max": 190000,
  "salary_min": 170000,
  "inferred_at": "2026-06-06T07:57:18.866Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Vancouver, British Columbia",
      "city": "Vancouver",
      "region": "BC",
      "country": "Canada",
      "is_remote": false,
      "confidence": 0.85
    },
    "countries": [
      "Canada"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": "year",
  "workplace_type": "hybrid",
  "salary_currency": "CAD"
}
Extensions
{}
Native Structured
{
  "country": "CA",
  "createdAt": 1775776761661,
  "updatedAt": null,
  "categories": {
    "team": "Security",
    "location": "Vancouver, British Columbia",
    "commitment": "Full-time",
    "department": "Match Group",
    "allLocations": [
      "Vancouver, British Columbia"
    ]
  },
  "salaryRange": {
    "max": 190000,
    "min": 170000,
    "currency": "CAD",
    "interval": "per-year-salary"
  },
  "workplaceType": "hybrid"
}
Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/ce30970b7ee93f5fae56f59c7f41514928012966?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/ebc47b6a-8876-45bc-885d-50880fc283e3
GET https://api.bluedoor.sh/job-postings/v1/sources/cad27147-ba1a-4e3d-8008-1d5aa12d0cd7
GET https://api.bluedoor.sh/job-postings/v1/jobs/ce30970b7ee93f5fae56f59c7f41514928012966/events