Cybersecurity Lead

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
• 8+ years of cybersecurity experience, with proven leadership across Blue, Red, or Purple Team operations
• Demonstrated ownership of enterprise security detection tools, including SIEM, EDR/XDR, SOAR, and threat intel platforms
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, and threat emulation frameworks.
• Deep technical expertise in one or more of the following areas: Endpoint and network forensics, Cloud security monitoring (AWS, Azure, GCP), Scripting and automation (Python, PowerShell, Bash), Security engineering in hybrid or production environments
• Proven ability to lead incident response and purple team exercises from start to finish
• Strong communication and leadership skills, with ability to engage both executive stakeholders and technical teams

Nice To Haves

• Certifications such as OSCP, GCFA, GCIH, GPEN, GXPN, or GCTI highly desirable
• Experience in enterprise or production-scale environments, ideally within SaaS, networking, or hybrid cloud infrastructures
• Familiarity with DevSecOps practices, CI/CD pipeline security, and cloud-native monitoring
• Prior experience mentoring Blue Team analysts and managing tool life cycles and vendor relationships
• Exposure to purple team automation frameworks (e.g., AttackIQ, Caldera, Scythe)

Responsibilities

• Lead and oversee the management, configuration, and tuning of security detection and response platforms, including SIEM, EDR/XDR, SOAR automation platforms, Network IDS/IPS, NDR, and threat intelligence platforms (TIPs).
• Ensure all detection tools are integrated for end-to-end visibility across endpoints, cloud environments, and production systems.
• Define standards for log collection, parsing, and correlation to enhance alert accuracy and reduce false positives.
• Drive continuous tuning of detection rules, signatures, and use cases to align with MITRE ATT&CK and emerging threats.
• Collaborate with IT and Engineering teams to ensure security telemetry is fully integrated into cloud and CI/CD environments.
• Oversee threat hunting, alert triage, and incident response playbook execution across the security stack.
• Partner with DevOps and infrastructure teams to embed security monitoring hooks into hybrid environments and new deployments.
• Design and conduct controlled adversary emulation exercises to test detection and response capabilities.
• Execute attack chains including phishing, privilege escalation, persistence, and lateral movement using real-world TTPs.
• Develop and maintain custom adversary scripts and payloads to simulate targeted threats.
• Provide detailed post-exercise reports with actionable defensive improvement recommendations.
• Collaborate with Blue Team engineers to operationalize detections based on Red Team findings.
• Lead or co-lead major incident response efforts, coordinating containment, investigation, and recovery.
• Build and maintain detailed incident response runbooks, integrating lessons learned from purple team exercises.
• Conduct root cause analysis and lead retrospectives that drive measurable improvements in detection and resilience.
• Integrate threat intelligence and forensic insights into detection content and defensive playbooks.
• Plan and execute adversarial simulations that validate threat detection, alert fidelity, and incident response readiness.
• Develop the roadmap for continuous improvement of detection coverage, response automation, and control validation.
• Serve as a technical escalation point for complex investigations, guiding both Red and Blue Team staff.
• Translate technical results into executive-level insights that demonstrate risk reduction and readiness improvement.