Senior Cyber Defense Manager - Incident Response

Boyd Gaming Corporation has been successful in gaming jurisdiction in which we operate in the United States and is one of the premier casino entertainment companies in the United States. Never content to rest upon our successes, we will continue to evolve and retain a position of leadership in our industry. Our past success, our current business philosophies and our sound business planning, combine to position Boyd Gaming Corporation to maximize value for our shareholders, our team members and our communities.

Lead the Cyber Incident Response Program

• Oversee the full incident response lifecycle: preparation, identification, containment, eradication, recovery, and post-incident lessons learned (per NIST SP 800-61 or similar frameworks).
• Manage day-to-day incident response operations, including triage, investigation coordination, forensic analysis, and executive-level reporting.
• Develop, maintain, and regularly test incident response playbooks, runbooks, and escalation procedures.

Enhance Detection Capabilities

• Drive continuous improvement of threat detection engineering, including tuning of SIEM rules, EDR/XDR configurations, threat intelligence integration, and behavioral analytics.
• Collaborate with SOC, threat hunting, and security engineering teams to reduce false positives, accelerate mean time to detect (MTTD) and respond (MTTR), and implement proactive detection use cases.
• Lead initiatives to mature internal blue-team capabilities across endpoints, cloud, identity, network, and email environments.

Manage MSSP Services Transition

• Lead the end-to-end transition of MSSP services from the current provider to the new partner, including planning, knowledge transfer, contract/SLA alignment, and cutover execution.
• Conduct due diligence on the new MSSP, define transition success criteria, and mitigate risks during handover (e.g., service continuity, data migration, access controls).
• Establish governance for the new MSSP relationship, including performance monitoring, regular service reviews, incident handoff protocols, and continuous improvement feedback loops.
• Ensure the transition strengthens rather than disrupts detection and response effectiveness.

Team Leadership & Development

• Build, mentor, and lead a high-performing incident response team (internal analysts, responders, and cross-functional partners).
• Provide performance management, career development, and technical coaching to team members.
• Foster a culture of continuous learning, tabletop exercises, red/blue team simulations, and post-incident reviews.
• Stakeholder Collaboration & Reporting
• Serve as the primary point of contact for major incidents, briefing executive leadership, legal, compliance, and external regulators as needed.
• Coordinate with IT, legal, risk, business units, and external partners (e.g., law enforcement, forensics firms) during incidents.
• Produce executive-level reports on incident trends, program maturity, detection improvements, and transition status.

Program Maturity & Compliance

• Align incident response practices with industry standards (NIST, ISO 27001, MITRE ATT&CK, etc.) and regulatory requirements.
• Drive metrics-driven improvements and maturity assessments for the IR program.
• Contribute to enterprise-wide security initiatives, including vulnerability management, threat intelligence, and security awareness.

Required:

• 10+ years of progressive experience in cybersecurity, with at least 5+ years in incident response, digital forensics, or security operations leadership roles.
• Proven experience leading cyber incident response teams and managing complex, high-impact incidents.
• Demonstrated success in vendor/MSSP transitions or outsourcing handovers in a cybersecurity context.
• Strong understanding of detection technologies (SIEM, EDR/XDR, SOAR, threat intelligence platforms) and experience improving detection efficacy.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (Master's preferred).
• Relevant certifications such as CISSP, CISM, GIAC GCFA/GCIH/GCTI, or similar.

Preferred:

• Experience in a regulated industry (e.g., finance, healthcare, critical infrastructure).
• Hands-on technical experience with tools such as Splunk, Elastic, CrowdStrike, Microsoft Defender, Sentinel, or similar.
• Prior experience building or maturing an internal SOC/IR function while reducing MSSP dependency. Skills & Competencies
• Exceptional leadership, communication, and stakeholder management skills — able to translate technical details for non-technical audiences.
• Strong project/program management abilities, especially in high-stakes transitions. • Analytical mindset with experience in root cause analysis and threat hunting.
• Ability to thrive in a fast-paced, high-pressure environment with on-call responsibilities.
• Strategic thinker focused on long-term program maturity and risk reduction.

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.