About the Role
We are seeking a dynamic and experienced Cyber Security Operations Lead to take ownership of our end-to-end security operations. This role covers the full spectrum of defensive operations, including the management of SOC functions, endpoint detection and response (EDR), extended detection and response (XDR), network detection and response (NDR), and overall cyber resilience. The successful candidate will lead a team of analysts and engineers, ensuring proactive defense, effective monitoring, and rapid response to emerging cyber threats.
Key Responsibilities:
- Lead and oversee all aspects of cyber security operations, ensuring alignment with business and regulatory requirements.
- Manage and optimise EDR, XDR, and NDR solutions to provide deep visibility across endpoints, networks, and cloud environments.
- Develop and implement advanced incident detection and response strategies, including playbooks, escalation paths, and forensic investigations.
- Oversee the operation and continual improvement of the Security Operations Center (SOC), ensuring 24/7 threat detection and incident handling.
- Build and run threat hunting programs to proactively identify and mitigate risks before they impact the business.
- Collaborate with IT, Cloud, and Application Security teams to drive a unified defense strategy across the enterprise.
- Conduct ongoing vulnerability and threat assessments, ensuring timely remediation and risk reduction.
- Manage vendor and MSSP relationships to ensure coverage and effectiveness of outsourced services where applicable.
- Track, measure, and report on operational KPIs (e.g., MTTD, MTTR, false positives, incident volumes, control coverage).
- Maintain deep awareness of the evolving threat landscape, introducing new tools and methodologies to strengthen security posture.
- Support compliance and regulatory initiatives by providing operational evidence and ensuring alignment with frameworks (ISO 27001, NIST CSF, MITRE ATT&CK, etc.).
Qualifications & Experience:
- Bachelor’s degree in Cyber Security, Information Technology, or a related field (Master’s preferred).
- 8+ years of experience in cyber security, with at least 3 years leading operations or SOC teams.
- Proven experience managing EDR, XDR, and NDR platforms (e.g., CrowdStrike, SentinelOne, Palo Alto Cortex, Microsoft Defender, Darktrace, Vectra, etc.).
- Strong knowledge of SIEM/SOAR platforms and integration with detection and response technologies.
- Hands-on expertise in incident response, digital forensics, malware analysis, and threat intelligence.
- Familiarity with hybrid environments (on-prem, cloud, SaaS) and securing large, distributed infrastructures.
- Certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GCFA), CCSP, CEH are highly desirable.
Salt is acting as an Employment Agency in relation to this vacancy.
Job Information
Job Reference: JO-2508-355992
Salary: Negotiable
Salary per: annum
Job Duration:
Job Start Date: 27/10/2025
Job Industries: Cyber Security
Job Locations: UAE - Abu Dhabi
Job Types: Permanent