Director, Cyber Defense

United States · Research Triangle Park, NC · CIO KPop-Dallas · Atlanta, GA · New York, NY · No CityFull-time$201k–$376kPosted Jul 13, 2026
Apply

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

The Director, Cyber Defense, leads Kyndryl's operational defense mission across a globally distributed security organization. This role reports to the Vice President and Deputy CISO, Cyber Operations.

You will own the full incident response lifecycle, run follow-the-sun security operations across AMER, EMEA, and APAC, direct the cyber threat intelligence program, and drive the conversion of that intelligence into the detection coverage and defensive architecture that protect Kyndryl's global enterprise estate. You will set the engineering discipline that keeps detection content tested, version-controlled, and continuously validated against the adversary. During major security incidents, you will exercise cross-functional coordination authority to drive rapid, disciplined response. The window between vulnerability and exploit is compressing as adversaries adopt AI-accelerated tooling. This role exists to keep Kyndryl's defense ahead of that curve.

What You'll Do:

  • Lead 24/7 global security operations through a follow-the-sun model spanning AMER, EMEA, and APAC regions.
  • Own the full incident response lifecycle, triage through post-incident review, with forensic preservation standards maintained throughout.
  • Coordinate with the Incident Commander function with clear escalation authorities, runbooks, and cross-functional coordination protocols for cybersecurity incidents.
  • Direct the Cyber Threat Intelligence program and own the intelligence-to-defense loop: convert prioritized adversary intelligence into detection requirements, control coverage decisions, and changes to the defensive architecture.
  • Govern ATT&CK-aligned detection coverage on measured efficacy, and stand up continuous validation through adversary emulation and detection testing to prove that intelligence-driven defenses fire against the techniques they target.
  • Set detection-as-code discipline across the detection lifecycle: version-controlled content, release rigor, automated testing, and telemetry quality standards, executed jointly with the SIEM, SOAR, & Agent Development team that owns the underlying pipeline and platform.
  • Drive operational measurement toward compressing the defender's detect-decide-act cycle against AI-accelerated adversaries, not raw response speed alone.
  • Coordinate with Vulnerability Management on remediation prioritization and exploitability-informed sequencing. This role does not own the vulnerability management function.
  • Collaborate with the AI-Driven Cyber Defense team to integrate automation and ML into defensive operations.
  • Build and develop a globally diverse team, investing in their growth across technical, analytical, and leadership competencies.

What You Bring:

  • Proven ability to lead security operations and incident response at enterprise scale, with the composure and decision quality to perform under pressure.
  • Strong command of threat-informed defense: translating intelligence into detection coverage and architecture decisions, anchored in MITRE ATT&CK, with kill chain analysis as a supporting lens for mapping attacker progression.
  • Working command of detection engineering practice: detection-as-code, content lifecycle management, and validation discipline, partnering with platform engineering rather than operating in isolation from it.
  • Strong command of incident response methodologies and escalation processes.
  • A leadership style that builds operational discipline without stifling initiative. You want your team thinking, not just executing.
  • Experience running geographically distributed teams with the cultural awareness that global operations demand.
  • The ability to communicate effectively with technical teams and executive leadership alike.

    Kyndryl currently does not require employees to be fully vaccinated against COVID-19, however, if you are hired to work at a client, customer, or partner location, you may be required to show proof of vaccination to align with their respective COVID-19 vaccination policies.  Those who believe they are eligible may apply for a medical or religious accommodation prior to the start of employment.

    Who You Are

    Requirements:

    • 12+ years in cybersecurity operations, incident response, threat intelligence, or SOC leadership, with at least 5 years in a senior leadership role over a globally distributed team.
    • Demonstrated track record leading a cyber defense or security operations program at comparable scale and complexity, defending a hybrid or multi-cloud enterprise estate.
    • Experience operationalizing threat intelligence into detection coverage and defensive architecture, with familiarity in detection engineering and continuous validation practice.
    • Dedication to continuous learning through a combination of self-directed, certification, military, and formal education sources.

    The compensation range for the position in the U.S. is $200,800 to $375,600 based on a full-time schedule.  Your actual compensation may vary depending on your geography, job-related skills and experience.  For part time roles, the compensation will be adjusted appropriately. The pay or salary range will not be below any applicable state, city or local minimum wage requirement.

    Being You

    Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way.

    What You Can Expect

    With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations.  At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

    Get Referred!
    If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.
     

    Want jobs like this matched to you?

    Swoopd scores fresh postings against your résumé so you only see the matches that matter.

    Get started free