KLA Careers

Senior Manager - Cybersecurity Detection and Response

This job posting is no longer active

Company Overview

Calling the adventurers ready to join a company that's pushing the limits of nanotechnology to keep the digital revolution rolling. At KLA, we're making technology advancements that are bigger—and tinier—than the world has ever seen.

Who are we?  We research, develop, and manufacture the world's most advanced inspection and measurement equipment for the semiconductor and nanoelectronics industries. We enable the digital age by pushing the boundaries of technology, creating tools capable of finding defects smaller than a wavelength of visible light. We create smarter processes so that technology leaders can manufacture high-performance chips—the kind in that phone in your pocket, the tablet on your desk and nearly every electronic device you own—faster and better. We're passionate about creating solutions that drive progress and help people do what wouldn't be possible without us.  The future is calling. Will you answer?


The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property



The Senior Manager - Cybersecurity Detection and Response will manage the Security Operations Center (SOC) for KLA globally. The mission of the KLA SOC is to protect intellectual property (IP) across KLA as a primary goal. The SOC performs prevention, detection, incident management, threat hunting and actively focuses on the protection of KLA IP.

In this role, you will oversee the people, processes, and technology involved in all operational aspects of the SOC. Requirements will include implementing and overseeing cyber-related activities to make the SOC run more efficiently and protect against malicious attacks and the compromise or exfiltration of KLA IP. The qualified candidate will posses strong leadership abilities as well as a strong comprehension of malware, emerging threats and the ability to calculate risk will be critical to success. This role requires the ability to work with minimal direction while leading technical aspects of cybersecurity incident detection and response, focusing on very unstructured incidents and high-risk events.

Additional job requirements: 

  • Specializing in network-centric analysis, host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM).
  • Writing signatures, tune systems/tools, and develop scripts and correlation rules, 
  • The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and decision making skills to handle the often fast-paced role of a SOC.
  • Recommending and implmenting metrics to deomstrate the value of the SOC and related activities to Senior Level of Mangement, such as Mean Time To Detect, Mean Time to Respond, Mean Time to Contain, Meant Time to Recover, etc.
  • Cybersecurity / Blue Team processes, policies, playbooks, checklists, Tactics, Techniques and Procedures (TTPs) including first-line and incident response and reporting / notification thresholds, malware analysis and other Blue Team areas.  
  • Manages the execution of breach and incident response effectiveness process from A to Z.
  • Development of checklists to guide cybersecurity response and quick reaction and to formalize other cybersecurity processes/policy.
  • Hands-on technical implementation experience in Cyber SOC metrics development and automation, security instrumentation and fine-tuning, to produce meaningful security and high-fidelity analytics based on feeds/data integrations from several devices/sources (system/endpoint, network, security, etc.). 
  • Highly focused on ensuring response processes and service levels are met expeditiously and properly for all cyber events and escalations.
  • Knowledge of NAC technical implementation, including technical hands-on integration, deployment, configuration and fine tuning with routers, switches and firewalls and modern NAC solution. 
  • Expert Technical Implementation experience specifically with Splunk, Palo Alto Firewall data, Microsoft systems and Servers and Active Directory environment, familiar with Python and PowerShell. 
  • SOC and Incident Response process flow experience and IR experience to assist in the development of Blue Team TTPs and checklists / playbook. 
  • Hands-on technical implementation experience in Cyber SOC metrics development and automation, security instrumentation and fine-tuning, to produce meaningful security analytics based on feeds/data integrations from several devices/sources (system, network, security, etc.)
  • Expert knowledge in the following areas is exepcted:
    • Security Incident and Event Management (SIEM) and Centralized Monitoring of Log and Alert Data
    • Incident Response
    • Threat Intelligence
    • Vulnerability Life-Cycle Management
    • Anti-Denial of Service
    • Endpoint and Device Management and Security
    • Situational awareness of Endpoint Security Policies
    • Network and Perimeter Security Policy
    • Unified Identity and Access Management
    • Monitoring and Reporting of Compliance and Governance Metrics
    • Close Alignment with Disaster Recovery and Business Continuity Practices 
    • NexGen Threat Hunting Technology
    • 24×7 Continuous Monitoring & Support
    • Rapid Response to all Security Incidents
    • Identity, Access & GRC Management
    • Reporting and Log Retention Policy
    • Advanced Protection against both Perimeter and Insider Threats


  • Strong verbal and written communication skills 
  • CISSP, OSCP or related SANS certifications preferred 
  • Detailed understanding of APT, Cyber Crime and other associated tactics 
  • Professional experience with Cyber Security, Operations Security, Product Security, Information Assurance, and Information Technology 
  • Experience with host based detection and prevention suites.
  • Experience with host-centric tools for forensic collection and analysis (Encase, etc.) 
  • Experience with Network Forensics and/or Network Security Monitoring tools and analysis techniques (alert, flow/session and PCAP analysis) 
  • Experience with malware and reverse engineering (Dynamic and static analysis) 
  • Strong IT infrastructure background including familiarity with the following:
    • Networking (TCP/IP, UDP, Routing)
    • Applications (HTTP, SMTP, DNS, FTP, SSH, etc.) 
    • Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.) 
    • System/Application vulnerabilities and exploitation
    • Operating systems (Windows, Linux and Mac) 
    • Cloud technology (SaaS, IaaS, PaaS) and associated digital forensics and incident response techniques 
    • Working knowledge of secure communication methods, including Secure Shell, S/MIME and PGP/GPG

Minimum Qualifications

  • Bachelor’s Degree in Computer Science or related field
  • Minimum of 6 years of professional experience in Cybersecurity, IT Security, Incident Response or Detection 
  • Minimum of 2 years of professional experience in a Management or People Leader role

Equal Employment Opportunity

KLA is an Equal Opportunity Employer. Applicants will be considered for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristics protected by applicable law.

Related Careers