Manager, Cybersecurity

Are you interested in harnessing technology and AI to transform healthcare?

 At XiFin, we believe a healthier, more efficient healthcare system starts with strong financial and operational foundations. Our innovative technologies help diagnostic providers, laboratories, and healthcare systems manage complexity, drive better outcomes, and stay focused on what matters most: patient care.

We’re on a mission to simplify the business side of healthcare—and we know that mission takes people from all backgrounds and experiences. Whether you’re early in your career or bringing years of expertise, we welcome your perspective, your curiosity, and your passion. We value individuals who ask questions, challenge the status quo, and want to grow while making a real difference.

About the Role

The Manager, Cybersecurity, is a hands-on SecOps leader responsible for the effectiveness of detection and response across the organization. You will lead a small internal team and manage an outsourced Managed Detection and Response (MDR) provider, ensuring strong operational execution across monitoring, incident response, threat hunting, and security tooling.

You will lead vulnerability and exposure management with a SecOps mindset—driving asset visibility and coverage, risk-based prioritization, remediation verification, and risk acceptance (when appropriate) across endpoints, servers, cloud, and SaaS. You will track operational metrics (e.g., MTTA/MTTR, detection coverage, remediation aging), identify gaps, and execute a pragmatic roadmap that strengthens the security program and reduces cyber risk.

You will own incident response end-to-end, triage and investigation, containment and eradication, and post-incident reviews ensuring documentation and evidence handling meet compliance requirements. You will coach and mentor the team, run tabletop exercises, maintain runbooks/playbooks, and set clear expectations for alert quality, escalation, and service levels.

You will apply AI and automation to improve SecOps outcomes (e.g., faster triage, better context enrichment, and more consistent response) while maintaining appropriate human oversight, validation, and auditability. In partnership with stakeholders, you will help establish monitoring and controls for enterprise AI/LLM usage (approved tools, access, logging, and data handling) to reduce the risk of sensitive-data exposure and shadow AI.

This is an onsite position located at our San Diego, CA office. 

This position is not eligible for employment sponsorship now or in the future. Applicants must have current and ongoing authorization to work in the United States.

How you will make an impact:

In this role, you’ll:

• Lead internal day-to-day Security Operations (SOC) execution, including coaching, mentoring, and establishing on call/escalation coverage, operating rhythm, and create and conduct internal tabletop exercises.
• Coordinate with and manage the outsourced MDR provider to ensure effective monitoring, alert triage, escalation, and reporting.
• Oversee vulnerability and exposure management with IT/Engineering—improve asset visibility and coverage, prioritize remediation by exploitability and business impact, and track SLAs and risk reduction.
• Lead incident response investigations across Windows and Linux (triage through containment/eradication and lessons learned), including documentation, evidence handling, and post-incident reviews.
• Own incident response readiness by maintaining runbooks/playbooks, leading tabletop exercises, and improving stakeholder readiness and communications.
• Research and apply AI/automation to SecOps workflows (e.g., alert enrichment, summarization, case management, and response orchestration) with strong human-in-the-loop controls, validation, and auditability.
• Establish and operate monitoring and controls for enterprise AI/LLM usage (approved tools, access, logging, and data handling) to reduce risk of sensitive-data exposure and shadow AI.
• Evolve incident response for AI-enabled threats (e.g., advanced phishing, business email compromise, and deepfake/social engineering), updating playbooks, detections, and stakeholder readiness.
• Drive detection engineering for any platform not in scope with the MDR provider: build, test, tune, and maintain SIEM/EDR use cases, correlation rules, alert logic, and response automation to improve signal-to-noise.
• Own log collection strategy and monitoring outcomes—onboard critical log sources, validate data quality, and tune alerts/dashboards to identify trends requiring early action.
• Research attacker tradecraft (TTPs), emerging threats, and vulnerability/exploit trends, translating insights into actionable detections and response playbooks.
• Lead an ongoing threat hunting and purple teaming program to validate detection coverage, uncover gaps, and prioritize improvements.
• Define, document, and validate security baselines and hardening standards (e.g., Windows/Linux, cloud, identity) and partner with IT/Engineering to implement and measure compliance.

What you will bring to the team:  

We’re looking for someone with a growth mindset and a passion for learning. You might be a great fit if you:

• A collaborative approach, working effectively with engineering, product, and executive leadership across the organization.
• A strong sense of accountability, ensuring operational excellence and reliable technology delivery.
• A passion for building and developing teams, inspiring individual to deliver their best work.
• A commitment to continuous improvement, driving operational maturity, automation, and innovation.

Skills and experience you have: 

You don’t need to check every box. We will consider a combination of education and experience, including:

• BS in Computer Science, Engineering, or relevant disciple
• 8 years experience in cybersecurity with at least 2 years of leadership experience 
• In-depth experience in managing or using a SIEM
• Technical proficiencies in securing Windows and Linux operating systems
• Experience working with endpoint logging/EDR products
• Extensive experience leading incident response investigations 
• Preferred certifications GCIH, GCIA, GCED, GCWN, GMON, GCUX, GCDA, CISSP
• Familiarity with HIPAA and/or PCI-DSS a plus

Why XiFin?

We’re more than just a healthcare technology company—we’re a team that cares about people.
 Here’s a glimpse at what we offer:

• Comprehensive health benefits including medical, dental, vision, and telehealth
• 401(k) with company match and personalized financial coaching to support your financial future 
• Health Savings Account (HSA) with company contributions
• Wellness incentives that reward your preventative healthcare activities
• Tuition assistance to support your education and growth
• Flexible time off and company-paid holidays
• Social and fun events to build community at our locations!

Pay Transparency

At XiFin, we believe in pay transparency and fairness. The expected annual salary range for this role is $140,00 to $175,000, based on your experience, skills, and geographic location.

Depending on your qualifications, final compensation will be determined during the selection process and may vary accordingly.

Accessibility & Accommodations

We’re committed to providing an inclusive and accessible experience for all applicants. If you need a reasonable accommodation during the application process, please contact us at 858-436-2900.

Equal Opportunity Employer

XiFin is proud to be an equal opportunity employer. We value diverse voices and do not discriminate on the basis of race, color, religion, national origin, gender, gender identity, sexual orientation, disability, age, veteran status or any other basis protected by law.

Ready to apply?
 We’d love to hear from you—even if you’re not sure you meet every qualification. If you're excited about the role and believe you can contribute to our team, please apply. Let's build something meaningful together.