What are the responsibilities and job description for the Cyber Security Manager position at Channel Recruitment Agency?
About the Company
We are seeking a Defensive Cybersecurity Manager to lead and mature an advanced, automation-driven Security Operations Centre (SOC). This is a hands-on leadership role combining technical ownership, incident leadership, and team management, with a strong focus on detection engineering and security automation.
About the Role
Lead, mentor, and develop a small defensive operations team across detection, response, and automation.
Responsibilities
- Act as primary escalation point for high-severity incidents, leading technical investigations and driving response decisions.
- Own and evolve SOC workflows to improve triage efficiency, consistency, and response quality.
- Build and scale production-grade security automation (SOAR) with appropriate safeguards and auditability.
- Own end-to-end detection engineering, including rule development, correlation, tuning, and continuous improvement.
- Establish and operate a detection-as-engineering lifecycle (requirements, testing, deployment, validation, feedback loops).
- Develop and maintain SOAR playbooks for enrichment, containment, remediation, and case management.
- Mature breach and attack simulation / continuous validation capabilities to measure and improve detection and response.
- Improve insider risk detection and response capabilities, including use cases, investigations, and playbooks.
- Define and track key operational metrics such as MTTD, MTTR, detection coverage, and automation effectiveness.
Qualifications
- 5 years’ experience in security operations, detection engineering, incident response, or security engineering with operational ownership.
Required Skills
- Strong hands-on experience with SIEM/log analytics, intrusion investigation, and security telemetry analysis.
- Proven experience building or scaling SOAR automation or equivalent orchestration tooling.
- Strong understanding of detection engineering principles including correlation, tuning, and alert lifecycle management.
- Experience working in cloud-first environments, particularly AWS and/or Azure.
- Ability to operate as both a technical lead and people manager in real-time, on-call security environments.
Preferred Skills
- Experience with AI-assisted or agentic SOC workflows and measurable operational improvements.
- Strong scripting ability (e.g., Python) for automation, integrations, and enrichment.
- Experience with breach and attack simulation, purple teaming, or continuous control validation programmes.
- Familiarity with adversary frameworks such as MITRE ATT&CK and NIST-aligned practices.
- Relevant security certifications (e.g., GCIH, GCIA, GSEC, CISSP or equivalent).
Pay range and compensation package
Opportunity to shape and mature a next-generation, automation-driven SOC operating model.
Equal Opportunity Statement
High-impact role combining leadership with deep technical ownership. Significant scope to influence detection engineering, automation strategy, and operational maturity. Work in a fast-moving environment focused on continuous improvement and measurable security outcomes.
Salary: $130,000 - $175,000