
Senior Manager, Cyber Security

Louisville, Kentucky, United States | Full-time | 8h ago

What’s Unique About You Is What Makes Us Better! Diversity is our strength and competitive advantage. Bring your flavor to the Papa John's team today!

Job Summary

The Senior Manager, Cyber Security is a technical leader responsible for the detection, response, and continuous monitoring capabilities that protect the company's restaurant technology, payment infrastructure, digital platforms, and corporate systems.

A defining feature of this role is the strategic partnership with CrowdStrike Managed Detection and Response (MDR), which provides outsourced Tier 1–2 endpoint monitoring and containment. This role owns this vendor relationship and is accountable for ensuring seamless escalation, SLA compliance, and integration of CrowdStrike intelligence and telemetry into the broader security program. Tier 3 escalation, forensics, threat hunting, and non-endpoint detection remain internal responsibilities.


     
Duties and Responsibilities (other duties as assigned)

Security Operations & Detection

  • Responsibility for the enterprise security monitoring program across all environments: corporate IT, restaurant POS networks, cloud platforms, digital ordering applications, and loyalty systems.

  • Manage and continuously tune the SIEM platform — ensuring log source coverage, detection rule quality, alert fidelity, and dashboard accuracy across the full environment.

  • Define and own detection engineering: develop, test, and maintain detection logic for threats relevant to all environments including POS malware, skimming attacks, ransomware, and supply chain compromises.

  • Oversee 24/7 monitoring coverage in partnership with CrowdStrike MDR; ensure alerting gaps between endpoint (CrowdStrike) and non-endpoint (network, cloud, application) vectors are addressed.

  • Establish and maintain network detection and response (NDR) capabilities across restaurant and corporate network segments.

Incident Response & Crisis Management

  • Serve as a lead technical resource for all significant cybersecurity incidents — leading cross-functional response through containment, eradication, recovery, and post-incident review.

  • Own the Incident Response Plan and all associated playbooks; maintain and update playbooks to reflect current threat landscape, environment changes, and lessons learned.

  • Manage the CrowdStrike MDR escalation model — defining escalation thresholds, containment authorization levels, and communication protocols between CrowdStrike Tier 1–2 and internal Tier 3 response.

  • Lead tabletop exercises and IR simulations at least twice annually, including ransomware, POS breach, and data exfiltration scenarios. 

  • Maintain relationships with external IR support (beyond CrowdStrike) for catastrophic scenarios requiring forensic retainer or legal hold support.

CrowdStrike Partnership Management

  • Serve as the primary operational owner of the CrowdStrike MDR engagement — managing day-to-day relationship, SLA performance reviews, and escalation authority.

  • Ensure the CrowdStrike Falcon platform is properly deployed, tuned, and maintained across all in-scope endpoints including corporate devices, restaurant back-office systems, and relevant OT/IoT endpoints where applicable.

  • Integrate CrowdStrike threat intelligence feeds into internal SIEM detection rules and threat hunting operations.

  • Conduct quarterly business reviews with CrowdStrike to assess coverage, review incident trends, and evaluate scope expansion or tooling upgrades.

  • Escalate contract, coverage, or performance concerns to the CISO with documented recommendations.

Threat Intelligence & Hunting

  • Build a proactive threat intelligence program — consuming, curating, and actioning intelligence relevant to QSR, retail payments, and franchise technology environments.

  • Maintain awareness of the threat actor landscape targeting quick service restaurant chains, payment card infrastructure, and food service supply chains.

  • Produce actionable threat intelligence summaries for the CISO and, where appropriate, GRC and IAM teams to inform risk decisions.

Vulnerability Management

  • Provide leadership and critical support of the enterprise vulnerability management program — coordinating scanning, prioritization, and remediation tracking across corporate and restaurant environments.

  • Integrate the vulnerability monitoring solution (endpoint vulnerability data) with network and application scanning results to produce a unified vulnerability view.

  • Maintain specific oversight of POS system and restaurant network patching cadence in coordination with IT operations and franchise technology partners.

Team Leadership & Development

  • Lead, mentor, and develop a team of 2–4 security professionals across SOC analysis, threat intelligence, and security engineering functions.

  • Build a high-performing, on-call-ready team culture with clear escalation paths, documented runbooks, and defined on-call rotation for after-hours incident coverage.

  • Partner with the CISO on headcount planning and hiring; actively participate in recruiting and interviewing for all team roles.

  • Foster knowledge-sharing and continuous learning — ensure team members maintain current certifications and stay ahead of evolving attacker techniques.

Metrics, Reporting & Continuous Improvement

  • Define and report on SOC and IR performance metrics: MTTD, MTTR, alert-to-incident conversion rate, false positive ratio, CrowdStrike escalation volume, and threat hunt findings.

  • Present a monthly operational security report to the CISO summarizing incident trends, detection coverage gaps, vulnerability status, and program improvements.

  • Drive continuous improvement through post-incident reviews, detection tuning cycles, and regular program health assessments.

Education, Experience & Certifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field preferred.

  • Equivalent experience and certifications considered in lieu of degree.

  • 8+ years of progressive cybersecurity experience, with at least 2 years in a SOC, IR, or detection engineering leadership role.

  • Two or more certifications in industry recognized cybersecurity leadership, governance & risk, and/or specialized incident response.

Functional Skills

  • Hands-on SIEM experience (Splunk, Microsoft Sentinel, or equivalent) including detection rule development and log source onboarding.

  • Direct experience managing or working alongside an outsourced MDR/MSSP partner — defining escalation models, reviewing SLAs, and owning the integration.

  • Experience in retail, hospitality, QSR, or other high-transaction consumer-facing technology environments strongly preferred.

  • Familiarity with POS network security, payment card environments, and PCI DSS requirements as they relate to security operations.

  • Advanced proficiency with SIEM platforms, including dashboard development and detection engineering.

  • Deep familiarity with the CrowdStrike Falcon platform.

  • Strong knowledge of the MITRE ATT&CK framework — ability to map detections, hunting hypotheses, and incident findings to ATT&CK TTPs.

  • Working knowledge of network security monitoring (IDS/IPS, NDR, packet capture analysis), cloud security monitoring, and endpoint forensics.

  • Familiarity with scripting for automation (Python, PowerShell) — able to build basic detection logic, IOC enrichment scripts, and alert automation.

  • Understanding of POS system architectures, restaurant network topologies, and payment card data flows is a meaningful differentiator.

Our Values

  • EVERYONE BELONGS - We believe connectedness and belonging are the essential ingredients to our success

  • DO THE RIGHT THING - We are relentlessly focused on quality and integrity and make the right choices, even when it's difficult

  • PEOPLE FIRST - To craft positive experiences for our customers, we take care of each other first

  • INNOVATE TO WIN - We champion and challenge for a better way in all we do

  • HAVE FUN - We find joy, create meaningful impact and celebrate the journey together

Our Core Competencies

  • CUSTOMER CENTRIC - We leverage data and insights to craft a customer experience that builds relationships, cultivates trust, and delivers excellence

  • RESULTS DRIVEN - We focus on measurable outcomes by remaining optimistic, tenacious, and persistent even in the face of challenges

  • CONTINUOUS IMPROVEMENT - We champion for better through strategic risk taking, experimentation and challenging the status quo

  • BIAS FOR ACTION - We courageously lead, drive towards decisions, and maintain agility to meet the demands of our dynamic industry

  • WINNING TOGETHER - We work together to unlock our full potential by actively collaborating and contributing in a cross-functional capacity

Papa Johns is an equal opportunity employer.

Papa Johns is a federal contractor that participates in the E-Verify program to confirm employment eligibility for each new team member. We also comply with all Right to Work requirements. Official E-Verify and Right to Work notices are available for applicants to review in both English and Spanish.

Everybody loves pizza, which means they also love the people who are behind the scenes working to deliver it. This is complex and challenging work – but let’s face it – it’s also pizza! If you want a fulfilling career with a company that’s always moving forward, we’re the right place.

Papa John's is an Affirmative Action and Equal Opportunity Employer.