Maybe I'll get flamed for this, but what's wrong with Security Defense with a side of Incident Response?
Here's my thinking: Leverage the position you have as a system admin, and start tossing up some monitoring tools. Get centralized log servers, with automated scripts parsing the logs and emailing you the information you need. Set up a couple of packet capture devices on the network. My favorite was my Linux box with Wireshark connected to a span port watching all the internal traffic going out to the internet.
Use your pentest skills against those boxes. If you have company buy off on the monitoring systems, and you maintain them, you can test them. My argument was: these boxes capture all the data in the company; you don't want some random person to come along and abuse internal secrets.
On occasion, get a snapshot or other copy of a box in production, virtualize the copy, and then test against that. (Use the forensic skills to get a clean copy). Don't just try to pen-test it, do a full review of the copy to make sure it's not been popped.
The above was kind of what I was doing at my last job.
"Oh the network is slow? Hang on..." 30 minutes later "Network is slow because you have 15 people listening to Pandora, 5 watching the Lakers game from last night, 1 person torrenting something, and about 40 people on YouTube. Plus a bunch of traffic going to the old 172.31 network because the Help Desk hasn't finished re-imaging, and the traffic is looping between us and the network provider and the edge system at the datacenter." < true story.
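The kind of automated log parsing the post describes, as an added example (my code, not the poster's): it reads constructed flow records of the sort a span-port capture box can emit, totals bytes and hosts per service, flags hosts talking to many distinct peers as possible P2P, and flags anything still talking to the old 172.31 network. The service-to-prefix table is an assumed placeholder using documentation ranges, not real Pandora or YouTube addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records "<src> <dst> <bytes>" (not real traffic).
SAMPLE_LOG = """\
10.1.2.15 203.0.113.10 52428800
10.1.2.16 203.0.113.11 31457280
10.1.2.17 198.51.100.5 209715200
10.1.2.19 192.0.2.7 1048576
10.1.2.19 192.0.2.8 1048576
10.1.2.19 192.0.2.9 1048576
10.1.2.19 192.0.2.10 1048576
10.1.2.20 172.31.4.4 4096
10.1.2.21 172.31.4.4 4096
"""
# Hypothetical service prefixes; documentation ranges stand in for real ones.
SERVICE_NETS = {
    "pandora": ipaddress.ip_network("203.0.113.0/24"),
    "youtube": ipaddress.ip_network("198.51.100.0/24"),
}
DECOMMISSIONED = ipaddress.ip_network("172.31.0.0/16")  # old net from the post
PEER_THRESHOLD = 4  # distinct peers per host; at or above this, flag possible P2P


def classify(dst):
    """Name the service a destination belongs to, or 'other'."""
    return next((n for n, net in SERVICE_NETS.items() if dst in net), "other")


def summarize(log_text, peer_threshold=PEER_THRESHOLD):
    """Aggregate bytes and hosts per service, flag P2P-like hosts and hosts
    still talking to the decommissioned subnet."""
    bytes_by_service, hosts_by_service = defaultdict(int), defaultdict(set)
    peers_by_host, stale_hosts = defaultdict(set), set()
    for line in filter(None, log_text.splitlines()):
        src, dst, nbytes = line.split()
        dst_ip = ipaddress.ip_address(dst)
        service = classify(dst_ip)
        bytes_by_service[service] += int(nbytes)
        hosts_by_service[service].add(src)
        peers_by_host[src].add(dst)
        if dst_ip in DECOMMISSIONED:  # should have been re-imaged off this range
            stale_hosts.add(src)
    return {
        "bytes_by_service": dict(bytes_by_service),
        "hosts_by_service": {s: len(h) for s, h in hosts_by_service.items()},
        "possible_p2p": sorted(h for h, p in peers_by_host.items() if len(p) >= peer_threshold),
        "stale_subnet_hosts": sorted(stale_hosts),
    }
```

Feed it the real flow export from the capture box on a cron job and mail the dictionary, and you have the "30 minutes later" answer waiting before anyone asks.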