
Sr. Director, Cyber Threat Detection & Response

McKesson · Richmond, VA
Full-time · Hybrid · Today
Compliance · Incident Response · Leadership · SIEM · Stakeholder Management

About the role

The Sr. Director, Threat Detection and Response (TDR) is responsible for leading a comprehensive enterprise capability that designs, implements, and operates scalable detection and response mechanisms while driving remediation of security gaps across technology environments (cloud, endpoints, identity, network, applications, and data platforms). This leader partners closely with the CISO organization, Technology Leadership, risk/compliance, and business stakeholders to prioritize investments, set standards, and ensure measurable improvements in detection fidelity, response readiness, and remediation throughput. This role requires strong technical depth in threat detection and response as well as the leadership maturity to operate at the executive level. The Director establishes TDR strategy, roadmaps, and success metrics; governs an operating rhythm for detection coverage and remediation execution; and ensures outcomes are delivered across multiple teams (often via influence).

Responsibilities

  • Define and own the enterprise TDR strategy and operating model (detection engineering, alerting standards, response readiness, and remediation governance) aligned to business risk and technology priorities.
  • Establish and report executive-level metrics and scorecards (e.g., detection coverage, alert quality, MTTD/MTTR, response readiness, remediation SLAs, risk reduction) and drive continuous improvement based on outcomes.
  • Lead selection, adoption, and lifecycle management of detection and response tooling and telemetry (SIEM, EDR/XDR, SOAR, UEBA, threat intel integrations, cloud logging, and case management), including integration standards and data quality requirements.
  • Partner with Security Operations (SOC/CSIRT), threat intelligence, vulnerability management, and platform teams to ensure detections map to prioritized threats and that response playbooks and automation are effective and current.
  • Establish remediation governance to drive closure of systemic security gaps identified through incidents, threat hunting, purple teaming, and control validation; ensure clear ownership, prioritization, timelines, and exception processes.
  • Drive enterprise telemetry and logging strategy in partnership with engineering and infrastructure: ensure critical systems are instrumented, logs are retained appropriately, and detections can be built and tuned against reliable data sources.
  • Lead and develop TDR talent (leaders, detection engineers, analysts) through hiring, coaching, performance management, and capability development; ensure teams have the training, tools, and operating discipline required for success.
  • Manage cross-functional stakeholder relationships and communications (Technology leaders, risk/compliance, audit, legal/privacy as needed), translating technical risk into business impact and driving alignment on funding, priorities, and delivery commitments.
  • Provide governance for incident and post-incident remediation: ensure lessons learned translate into durable control improvements, and conduct regular exercises/tabletops to validate readiness and benchmark progress.

Minimum Requirements

  • Degree or equivalent experience. Typically requires 15+ years of professional experience and 10+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).

Requirements

  • 15+ years of cybersecurity experience with significant depth in threat detection, incident response, and security operations, including 10+ years leading teams and/or enterprise programs.
  • Hands-on and leadership experience with detection and response platforms and practices (SIEM content engineering, EDR/XDR, SOAR automation, threat intel integration, logging/telemetry pipelines, and case management).
  • Proven ability to drive remediation outcomes at scale: establishing SLAs, clarifying ownership, prioritizing backlogs, and closing systemic gaps surfaced by incidents, hunts, and assessments.
  • Executive-ready communication and stakeholder management skills, including the ability to present risk, progress, and investment needs to senior leadership and influence decisions.
  • Demonstrated ability to set strategy, secure organizational alignment/approv

Benefits

Health insurance

Additional Information

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Sr. Director, Cyber Threat Detection & Response
Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)

