Cyber Security Lead

  • Australia
  • Queensland
  • Permanent
  • Negotiable

Seeking an experienced and driven Cyber Security Lead to join a National Information Security team. In this pivotal role, you’ll lead the uplift of a security engineering and operations capability: embedding secure-by-default practices, strengthening detection and response, and delivering clear, board-ready cyber risk insights. This is a standout opportunity for a hands-on leader who thrives on building capability, driving resilience, and making a measurable impact across the firm.

Role Purpose

Lead and mature the Firm’s security engineering and operations capability to make secure‑by‑default real in delivery, standardise CI/CD controls and automation, and own incident leadership and SOC performance: reducing risk, cutting dwell and containment time, and converting telemetry into board‑ready metrics and threat‑level reporting. This role collaborates with Architecture to consume patterns and provide operational feedback into design gates.

Position Summary

A hands‑on Delivery (Engineering) & Run (Operations) lead who:

  • Embeds guardrails into pipelines and platforms (DevSecOps, CI/CD security controls, vulnerability SLAs, hardening baselines, secrets/IAM operational controls) and enforces them through automation wherever possible.
  • Matures detection & response (SIEM/SOAR strategy, tuning backlog, use‑case design, playbooks, MIM leadership, forensic readiness) and manages MSSP/SOC performance to achieve measurable signal‑to‑noise reduction.
  • Publishes executive/board dashboards and threat posture levels to support risk‑based decisions and investment prioritisation.
  • Operates role‑owned, auditable processes that improve continuity, audit readiness, client responsiveness, and board visibility.

Key Responsibilities

  1. Establish / Embed / Operationalise (ground‑up build)
  • Standards & runbooks: Define CI/CD baselines (SAST/DAST/Secrets/SBOM/attestation, release gates), vulnerability remediation SLAs, endpoint/network/cloud hardening baselines, SIEM/SOAR use cases & playbooks, incident RACI and forensic readiness checklist.
  • IAM operational assurance: Regular auditing of AD and cloud identity platforms (secure provisioning, access reviews, privilege management, timely de‑provisioning).
  • Resiliency & documentation: Recommend or build redundancy across critical SecEng/SecOps tasks so no single person is a point of failure; document procedures.
  • MSSP/SOC performance management: Own escalation paths, SLAs, backlog prioritisation, use‑case delivery cadence, service quality, and contextual periodic reviews.
  • Insider Risk (DLP etc.): Define processes for insider risk detection and response, aligned to privacy/GRC guardrails.
  • Operational assurance & metrics: Own tuning backlog, hunt cadence, PIR/lessons‑learned loops, audit evidence capture, security ticket investigation and management, and executive dashboards.
  • Capacity planning: Identify future capability/hiring needs across engineering & operations as maturity lifts.
  2. Engineering (Build)

  • CI/CD security baselines: Drive integration of code scanning, artifact integrity, SBOM/attestation, and release gates into pipelines.
  • Automation: Drive automated control deployment/verification (configuration management, guardrail enforcement, drift remediation).
  • Vulnerability management: Own risk‑based prioritisation, SLA tracking, aging and “red” trend reporting, and exception governance.
  • Hardening baselines: Define, review, and monitor baselines for endpoints, network, and cloud landing zones; remediate drift via automation/change governance. (In collaboration with IS Architect for design patterns; architecture authoring is out of scope.)
  • Change security: Ensure security impacts of changes are assessed in line with change‑management controls.
  3. Operations (Run)

  • SIEM/SOAR strategy & tuning: Own log coverage, pipeline quality, correlation/use‑case design coordination, playbooks, and orchestration; deliver measurable signal‑to‑noise reduction.
  • Incident leadership: Plan and run tabletop exercises, act as Major Incident Manager (MIM), coordinate multi‑team responses, and manage regulator and client communications together with business stakeholders.
  • Threat intelligence: Maintain visibility of external sources (e.g., ACSC, industry advisories) and coordinate action with SOC and stakeholders.
  • Forensic readiness: Maintain evidentiary standards, chain‑of‑custody, tooling, and retention practices.
  • SOC vendor oversight: Drive SLAs, backlog prioritisation, use‑case delivery, and periodic service reviews with contextual tuning.

Expected Outcomes:

  • Improved IR performance: Baseline and track MTTD/MTTR with demonstrable improvement as capability matures.
  • IAM uplift: Progress from basic to advanced IAM controls: greater risk‑based authentication coverage, reduced standing privilege, improved access‑review completion, and fewer identity incidents.
  • Operational assurance: Documented processes and evidence support audit/regulatory requirements; PIR actions close on schedule.
  • Secure‑by‑default delivery: Controls consistently integrated into CI/CD, cloud landing zones, and infrastructure; reduced drift and faster remediation via automation.
  • Board visibility & risk decisions: Dashboards and threat‑posture reporting provide clear, actionable insights for investment prioritisation.

Educational Requirements:

Essential

  • Relevant tertiary degree and/or qualification, or equivalent experience
  • Formal training in incident response, SIEM/SOAR operations, and/or DevSecOps pipeline security.

Desirable

  • Certifications such as CISSP, GIAC (e.g., GCIA/GCIH/GMON/GCTI), AWS Certified Security – Specialty, Azure Security Engineer Associate / Azure Solutions Architect Expert, Microsoft Defender XDR / Sentinel accreditations, or vulnerability management certifications.
  • Postgraduate qualification in Cybersecurity or Security Engineering/Operations.

Demonstrated Experience & Attributes

Essential

  • Proven leadership in security engineering: CI/CD control integration, SBOM/attestation, automated enforcement of security policies, and platform hardening
  • Hands‑on ownership of vulnerability management with risk‑based prioritisation, SLA governance, and executive reporting.
  • Deep experience in SecOps: SIEM/SOAR use‑case design, alert tuning, hunt operations, forensic readiness, and coordinated incident leadership (MIM).
  • SOC vendor management and performance improvement: backlog/outcome management, tuning cadence, measurable detection efficacy.
  • Strong analytical and communication skills; ability to convert telemetry into decision‑useful dashboards for executives/board.

Desirable

  • Experience building and maturing a combined Engineering & Operations security function in complex or regulated environments.
  • Demonstrated success in leading IAM and AD auditing initiatives, including tool selection and implementation.
  • Familiarity with a wide range of security frameworks and baselines (e.g., AWS/Azure Well-Architected – Security, ACSC Essential Eight, ISO/IEC 27001, NIST CSF).
  • Experience with security automation platforms, orchestration tools, and automated enforcement of security policies.
  • Track record of effective vendor management, including evaluation, selection, and integration of fit-for-purpose security tools.
  • Consulting or advisory experience in security transformation or uplift programs.
  • Experience designing and delivering security awareness and training programs for technical and non-technical audiences.
  • Strong cross-functional collaboration skills, working with architecture, engineering, operations, GRC, privacy, and business stakeholders.
  • Experience presenting technical concepts and risk trade-offs to executives, boards, and external stakeholders.

Please apply using the button below or alternatively email your CV to brid.coughlan@talentinternational.com
