Corporate Security Operations Center, Principal

Your Role

The Corporate Security team is seeking an experienced Security Operations and Intelligence Consultant to enhance our security operations and threat intelligence capabilities. This strategic role requires deep expertise in Security Operations Centers (SOC), threat detection, and intelligence analysis. As a trusted advisor and strategic partner, you will guide the evolution of SOC functions, threat response strategies, and operational resilience across complex hybrid environments. Your work will ensure alignment with regulatory standards, industry best practices, and the protection of Blue Shield of California’s people, assets, and operations. Reporting to the Director of Corporate Security, you will lead improvement initiatives, employee training, vendor management, and budget planning. You will also collaborate cross-functionally to assess and optimize SOC capabilities, drive threat hunting and intelligence programs, and support the development of scalable, automated security operations. Your insights will directly shape our defense against advanced threats and the protection of critical infrastructure.

Your Work

In this role, you will:

• Serve as a subject matter expert in operations, policy and process development of a Security Operations Center (SOC) ensuring alignment with industry standards, regulatory requirements, and organizational goals.
• Integrate threat intelligence into Security Operations Center (SOC) workflows to enhance monitoring, detection, and incident response. Develop and refine detection strategies, incident response protocols, and key performance indicators (KPIs) to drive continuous improvement.
• Collaborate cross-functionally with HR, Legal, Cybersecurity, and Compliance teams to investigate and resolve incidents involving workplace violence, insider threats, external threats, and cyber-physical risks.
• Partner with the Business Continuity Team to develop and maintain emergency preparedness programs. Act as a key stakeholder and communicator during critical events, ensuring timely and accurate dissemination of mission-critical information.
• Oversee physical security systems in partnership with technology teams, including access control, surveillance, and alarm systems. Ensure systems are effectively installed, maintained, and upgraded as needed.
• Manage vendor relationships for Security Operations Center workforce. Track expenses, ensure budget alignment, evaluate vendor performance, and participate in contract negotiations and site evaluations.
• Lead or contribute to large-scale, cross-functional projects that extend beyond the Corporate Security department. Act as a liaison with external agencies (e.g., law enforcement, military, emergency responders) to enhance threat intelligence and response capabilities.
• Develop and implement operational strategies that improve systems, processes, and performance. Use data, KPIs, and industry benchmarks to inform decision-making and support strategic planning.
• Provide guidance, coaching, and training to foster a culture of security awareness and continuous learning.
• Communicate effectively with executive leadership and external stakeholders on matters of strategic importance. Prepare and deliver briefings, reports, and recommendations that influence decision-making.
• Lead complex project initiatives of strategic importance, often involving large cross-functional teams. May direct the work of other contributors and act as a team leader.
• Apply agile methodologies to solve complex, undefined problems. Conduct root cause analysis, develop innovative solutions, and set precedents for future decisions.

Your Knowledge and Experience

• Requires a Bachelor's degree in Criminal Justice, Cybersecurity, Intelligence Studies, Security and Risk Analysis or related field (or equivalent experience)
• Requires 10 years of working in corporate security, intelligence, or security operations
• Proven experience managing or supporting a Security Operations Center (SOC)
• Strong analytical skills and experience with threat intelligence platforms and methodologies
• Flexibility to work non-traditional schedules, including holidays, nights, and some weekends, to adapt to the company’s operations
• Familiarity with physical security systems (e.g., CCURE, VMS, intrusion detection)
• Familiarity with intelligence aggregator and mass communications software (e.g., Dataminr, Everbridge, AlertMedia, Horizon, Miir3)
• Excellent communication and interpersonal skills; ability to influence across departments
• Ability to manage multiple projects simultaneously, work autonomously, and navigate ambiguity effectively
• Certifications such as CPP, PSP, CISSP, or GCTI are a plus