Information Security Lead

Location: Erlanger, KY (Hybrid - 3 days in office / 2 days remote)

Salary: $105,000 - $110,000 USD per year

About the Role:

Our client, a global provider of legal intelligence with operations across the UK and US, is seeking an experienced Information Security Lead to safeguard its information assets across cloud, on-premise, and managed service environments.

This is a hands-on, technical leadership role responsible for security operations, incident response, vulnerability management, and compliance. The successful candidate will play a key role in strengthening security controls, improving monitoring and detection capabilities, and driving continuous improvement in the organisation’s security posture across both regions.

Key Responsibilities:

Security Operations & Monitoring (SOC)

• Maintain and enhance security controls across Microsoft 365, Azure, Intune, Defender, Sentinel SIEM, Cloudflare, and on-prem environments
• Monitor, investigate, and triage security alerts and anomalous activity
• Develop and tune SIEM dashboards, alerts, correlation rules, and automation playbooks
• Manage SIEM log ingestion and integrations
• Operate and optimise EDR, identity protection, DLP, MFA, email security, and application protection controls
• Oversee DNS and email authentication security (SPF, DKIM, DMARC)

Incident Response & Threat Handling:

• Lead technical response to global security incidents
• Conduct forensic investigations, log analysis, and root-cause analysis
• Maintain, test, and improve incident response playbooks (e.g. ransomware, credential compromise, cloud intrusion, DDoS)
• Coordinate incident communications with internal teams, leadership, and external vendors

Vulnerability Management & Testing:

• Own the vulnerability lifecycle: scanning, prioritisation, remediation tracking, and verification
• Manage internal and external penetration testing programmes
• Maintain vulnerability dashboards and reporting
• Ensure CIS, NIST, and Microsoft Secure Score baselines are enforced
• Perform regular access and privilege reviews

Cloudflare, DNS & Network Security:

• Manage Cloudflare security controls including WAF, bot mitigation, DNS security, Zero Trust, and SSL/TLS enforcement
• Analyse web traffic and security events for anomalies and threats
• Ensure Cloudflare and NGINX security controls align with enterprise standards

Governance, Risk & Compliance (GRC):

• Support compliance with ISO 27001/27002, NIST CSF, CIS Controls, GDPR, SOC 2, Cyber Essentials, DORA, and US regulatory requirements
• Maintain security policies, procedures, risk registers, and documentation
• Perform vendor and project risk assessments
• Support internal and external audits and assurance activities

Security Architecture & Improvement:

• Conduct security reviews of new technologies, SaaS applications, and infrastructure
• Partner with development and engineering teams on secure design and remediation
• Deliver security awareness initiatives and promote a strong security-first culture
• Track emerging threats and contribute to long-term security roadmap planning

Required Experience & Skills:

• 5 years’ experience in information security, SOC operations, or cybersecurity
• Strong hands-on experience with Microsoft 365, Azure, Sentinel SIEM, Defender suite, EDR, Cloudflare, DNS security, and NGINX App Protect
• Proven experience in incident response, threat detection, SIEM engineering, vulnerability management, and penetration testing coordination
• Solid understanding of network security, IAM, endpoint security, email security, and SaaS environments
• Experience working closely with infrastructure, cloud, and application teams
• Excellent communication skills, with the ability to engage both technical and non-technical stakeholders
• Calm, structured approach during high-pressure security incidents

Frameworks & Standards:

• Working knowledge of ISO 27001/27002, NIST, CIS Controls, SOC 2, GDPR, DORA, and US security regulations
• Experience supporting audits, risk assessments, and compliance initiatives

Preferred Certifications:

• Security
• AZ-500 (Azure Security Engineer)
• SC-200, SC-300, SC-400
• GIAC, CEH, CySA , or similar
• Microsoft Sentinel 400

Why Apply?

• Competitive salary
• Hybrid working model (3 days in office, 2 remote)
• Opportunity to lead and shape security practices for a respected global legal intelligence provider
• Exposure to modern cloud, SaaS, and security technologies
• Collaborative, professional environment with strong executive support