Cyber Security Operations Lead

Job Description

Job Description Cyber Security Operations Lead

Employment Type: Full-time

About the Role

The successful candidate will lead a team of analysts and engineers, ensuring proactive defense, effective monitoring, and rapid response to emerging cyber threats.

• Lead and oversee all aspects of cyber security operations, ensuring alignment with business and regulatory requirements.
• Manage and optimise EDR, XDR, and NDR solutions to provide deep visibility across endpoints, networks, and cloud environments.
• Develop and implement advanced incident detection and response strategies, including playbooks, escalation paths, and forensic investigations.
• Oversee the operation and continual improvement of the Security Operations Center (SOC), ensuring 24/7 threat detection and incident handling.
• Build and run threat hunting programs to proactively identify and mitigate risks before they impact the business.
• Collaborate with IT, Cloud, and Application Security teams to drive a unified defense strategy across the enterprise.
• Conduct ongoing vulnerability and threat assessments, ensuring timely remediation and risk reduction.
• Manage vendor and MSSP relationships to ensure coverage and effectiveness of outsourced services where applicable.
• Track, measure, and report on operational KPIs (e.g., MTTD, MTTR, false positives, incident volumes, control coverage).
• Maintain deep awareness of the evolving threat landscape, introducing new tools and methodologies to strengthen security posture.
• Support compliance and regulatory initiatives by providing operational evidence and ensuring alignment with frameworks (ISO 27001, NIST CSF, MITRE ATT&CK, etc.).

• Bachelors degree in Cyber Security, Information Technology, or a related field (Masters preferred).
• 8+ years of experience in cyber security, with at least 3 years leading operations or SOC teams.
• Proven experience managing EDR, XDR, and NDR platforms (e.g., CrowdStrike, SentinelOne, Palo Alto Cortex, Microsoft Defender, Darktrace, Vectra, etc.).
• Strong knowledge of SIEM/SOAR platforms and integration with detection and response technologies.
• Hands-on expertise in incident response, digital forensics, malware analysis, and threat intelligence.
• Familiarity with hybrid environments (on-prem, cloud, SaaS) and securing large, distributed infrastructures.
• Certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GCFA), CCSP, CEH are highly desirable.