Lead of Cybersecurity Operations

About This Role

This role is for a hands-on, strategic leader who will manage day-to-day cybersecurity operations including threat detection, incident response, vulnerability management, and third-party patching in a hybrid cloud environment. The leader will be responsible for investigating compromised systems, performing forensic analysis, and delivering detailed DFIR reports.

Responsibilities

• Lead Cybersecurity Operations team (SOC, Incident Response, Vulnerability Management)
• Oversee threat detection and response using CrowdStrike Falcon Complete, Rapid7 InsightIDR, and Proofpoint
• Own third-party patch management strategy and execution, utilizing tools such as PDQ Connect, Patch My PC, and Microsoft EAM
• Coordinate vulnerability scanning, prioritization, and remediation
• Develop and maintain playbooks and SOPs aligned with ISO 27001, NIST, and CIS frameworks
• Partner with IT, DevOps, and Application teams for secure deployments
• Track KPIs and operational metrics
• Support audits, risk assessments, and compliance initiatives
• Mentor team members and promote a culture of accountability and innovation

Requirements

• 8+ years in cybersecurity operations (SOC, IR, vulnerability management)
• 3+ years in a leadership or team lead role
• Strong DFIR experience (host, memory, network forensics)
• Experience with enterprise security tools: CrowdStrike, Rapid7, Proofpoint, Code42
• Patch management experience (PDQ, Intune, Patch My PC)
• Strong knowledge of ISO 27001, NIST CSF, CIS
• Experience with AWS and hybrid environments
• Excellent communication, leadership, and analytical skills

Qualifications

• 8+ years in cybersecurity operations (SOC, IR, vulnerability management), with 3+ years in a leadership or team lead role

Nice to Have

• Certifications: CISSP, GCIA, GCIH, or equivalent
• Experience leading teams through cloud migrations
• Strong problem-solving and collaboration skills

Skills

* Required skills