I am looking for an accomplished security leader to oversee incident response and operational security functions within a fast-paced, enterprise-scale environment. This role leads a dedicated team responsible for monitoring, detecting, investigating, and responding to cyber threats around the clock. You will work closely with both internal technical specialists and senior business stakeholders to ensure swift and effective action against potential risks.
Role Overview
* Establish and maintain a robust incident response framework, ensuring all relevant personnel are trained in its use and ready to act during active security events.
* Coordinate and facilitate incident simulations and tabletop exercises to stress-test processes and improve preparedness.
* Direct and manage the resolution of high-priority security incidents, engaging cross-departmental resources including IT operations, legal, HR, and communications.
* Partner with monitoring teams to triage alerts, identify genuine threats, and ensure appropriate escalation and remediation.
* Review incidents post-resolution, performing root cause analysis and ensuring lessons learned are implemented.
* Lead technical investigations including endpoint analysis, network traffic review, malware examination, and log correlation.
* Supervise digital forensics work, ensuring correct evidence handling and detailed documentation throughout the process.
* Provide leadership and mentoring to security team members, supporting their career development and performance growth.
* Oversee the tuning, integration, and enhancement of monitoring and response technologies such as SIEM, endpoint protection platforms, and automation tools.
* Identify opportunities to automate security processes and improve operational efficiency.
* Support the design and implementation of security controls and architecture improvements to strengthen the organisation's resilience.
* Ensure operational practices comply with recognised frameworks and relevant industry standards.
Skills & Experience
* Proven track record in senior security operations or incident response leadership roles (5+ years).
* Strong background in threat detection, incident containment, and digital investigation.
* Practical knowledge of a range of monitoring and detection technologies (e.g., SIEM, SOAR, EDR/XDR) and their deployment in enterprise environments.
* Experience in vulnerability and threat management, data protection strategies, and insider threat detection.
* Familiarity with frameworks such as MITRE ATT&CK and established cyber defence models.
* Proficiency with at least one scripting language (Python, PowerShell, etc.) for process automation.
* Good understanding of network security, cloud platforms, and enterprise operating systems.
* Relevant security certifications (e.g., GCFA, GCFE, GCIH, or equivalent) are desirable.
* Ability to work effectively with both technical and non-technical stakeholders, adapting communication style as needed.
* Prior experience in a managed or shared security services environment is an advantage.