Manager, Security Operations

<div class="content-intro"><p>Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!</p></div><p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Figma's Security team is growing, and we're looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">This is a full time role that can be held from one of our US hubs or remotely in the United States.&nbsp;</p> <h4 class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What you'll do at Figma:</strong></h4> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Own Figma's security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction</li> </ul> <h4 class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>We'd love to hear from you if you have:</strong></h4> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">7+ years of experience in security operations, incident response, or a related security engineering function</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Demonstrated success building, scaling, or significantly improving a detection and response program</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Experience leading complex security incidents and partnering with Legal, Privacy, and business stakeholders during high-impact events</li> </ul> <h4 class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>While it's not required, it's an added plus if you also have:</strong></h4> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Applied AI risk management frameworks such as NIST AI RMF, OECD AI Principles, or ISO 42001</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Utilized AI-powered tools to automate security operations workflows and improve team efficiency</li> </ul> <p>At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.</p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p><strong><span style="font-size: 16px;">Pay Transparency Disclosure</span></strong></p> <p>If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.&nbsp;&nbsp;&nbsp;&nbsp;</p> <p>Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.&nbsp;</p> <p>Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental &amp; vision, retirement with company contribution, parental leave &amp; reproductive or family planning s