Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!
Figma's Security team is growing, and we're looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.
This is a full-time role that can be held from one of our US hubs or remotely in the United States.
What you'll do at Figma:
- Own Figma's security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement
- Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling
- Develop and maintain incident response runbooks, escalation procedures, and communication plans for security events of varying severity
- Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments
- Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps
- Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs
- Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents
- Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction
We'd love to hear from you if you have:
- 7+ years of experience in security operations, incident response, or a related security engineering function
- Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms
- Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment
- Demonstrated success building, scaling, or significantly improving a detection and response program
- Experience leading complex se