Security Lead (MSSP)

We are seeking an experienced Security Lead to oversee the delivery, governance, and continuous improvement of Managed Security Services (MSSP) operations. The role will be responsible for leading security operations, incident response activities, threat management, security monitoring, and customer security engagements while ensuring compliance with industry standards and service-level commitments.

The Security Lead will act as the primary technical authority for cybersecurity operations, managing security analysts, coordinating incident response efforts, driving security best practices, and working closely with customers to enhance their security posture. The role requires strong expertise across Security Operations Center (SOC) functions, threat detection, security governance, risk management, and cybersecurity frameworks.

Key Accountabilities & Responsibilities

Security Operations Leadership

• Lead and oversee day-to-day MSSP and Security Operations Center (SOC) activities.
• Manage and mentor security analysts, incident responders, and cybersecurity engineers.
• Act as the primary escalation point for critical security incidents and cyber threats.
• Ensure security monitoring services are delivered in accordance with agreed SLAs and KPIs.
• Drive operational excellence through continuous process improvements and automation initiatives.

Incident Response & Threat Management

• Lead the investigation, containment, eradication, and recovery of cybersecurity incidents.
• Coordinate major incident response activities with customers, stakeholders, and third-party vendors.
• Conduct root cause analysis and prepare incident reports with corrective actions.
• Oversee threat hunting activities and proactive threat detection initiatives.
• Ensure timely response to security alerts and escalation of critical events.

Security Monitoring & Engineering

• Manage SIEM, SOAR, EDR, NDR, IDS/IPS, email security, and vulnerability management platforms.
• Oversee security use case development, tuning, and optimization.
• Ensure effective log collection, correlation, monitoring, and threat detection across customer environments.
• Support deployment and enhancement of security technologies and controls.
• Review security architectures and recommend improvements to strengthen defenses.

Governance, Risk & Compliance

• Ensure alignment with ISO 27001, NIST Cybersecurity Framework, CIS Controls, and industry best practices.
• Lead security audits, compliance assessments, and risk management activities.
• Develop and maintain security policies, procedures, standards, and operational playbooks.
• Support customers in addressing compliance and regulatory requirements.
• Conduct security risk assessments and recommend mitigation strategies.

Customer & Stakeholder Management

• Serve as the primary security advisor for assigned customers.
• Present security posture reports, incident summaries, and improvement recommendations to management and customers.
• Conduct security review meetings and executive-level briefings.
• Collaborate with infrastructure, cloud, network, and application teams to address security risks.

Reporting & Metrics

• Define and monitor security KPIs and operational metrics.
• Produce executive dashboards, monthly service reports, and incident trend analysis.
• Track SLA compliance, incident response times, threat trends, and security maturity improvements.

Qualifications & Requirements

• Minimum 7 years of experience in cybersecurity, security operations, or managed security services.
• Minimum 2 years of experience in a Security Lead, SOC Lead, Incident Response Lead, or equivalent leadership role.
• Experience working within a Managed Security Service Provider (MSSP) environment is highly preferred.
• Proven experience managing enterprise security operations and customer-facing security services.
• Bachelor's Degree in Cybersecurity, Computer Science, Information Security, Information Technology, or a related field

Certifications

• CISSP (Certified Information Systems Security Professional) – Mandatory.
• CISM (Certified Information Security Manager) – Preferred.
• ISO 27001 Lead Auditor or Lead Implementer – Mandatory.
• Additional certifications such as CEH, GCIA, GCIH, SC-200, AZ-500, or equivalent are advantageous.

Technical Skills

• Strong knowledge of SOC operations, SIEM, SOAR, EDR, XDR, IDS/IPS, and threat intelligence platforms.
• Experience with Microsoft Sentinel, Splunk, QRadar, ArcSight, LogRhythm, or similar SIEM technologies.
• Strong understanding of incident response, digital forensics, malware analysis, and threat hunting.
• Experience with cloud security across Microsoft Azure, AWS, and Google Cloud environments.
• Knowledge of vulnerability management, security architecture, network security, and endpoint protection technologies.
• Familiarity with MITRE ATT&CK, NIST, ISO 27001, CIS Controls, and Zero Trust security principles.

Leadership Competencies

• Strong leadership and team management capabilities.
• Excellent stakeholder and customer management skills.
• Ability to lead major incident response activities under pressure.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and executive reporting abilities.
• Commitment to continuous improvement and cybersecurity excellence.