Head of Security Operations
Key Duties and Responsibilities
Lead and oversee end-to-end SOC operations, including 24/7/365 readiness, triage quality, and continuous operational stability.
Coordinate Incident Response processes and manage Major Incidents, ensuring effective cross-team crisis handling and resolution.
Drive SOC maturity by designing detection use cases and implementing SOAR automation, including AI-assisted workflows to improve detection and response.
Monitor, analyze, and report cybersecurity KPIs (e.g., MTTD, MTTR) to ensure operational efficiency and continuous improvement.
Conduct Threat Hunting activities to proactively identify hidden threats across enterprise IT and OT environments using frameworks such as MITRE ATT&CK.
Manage MSSP/MDR vendors, enforce SLA compliance, and reduce alert fatigue by improving alert quality and relevance.
Optimize operational costs by reducing false positives through AI/ML-based correlation and anomaly detection mechanisms.
Ensure security and resilience of AI/ML models used in defensive systems, including awareness of adversarial ML risks.
Requirements
Higher education in a relevant field.
5+ years of experience in SOC operations or cybersecurity leadership roles.
Strong hands-on knowledge of SIEM, SOAR, and EDR platforms and Incident Response frameworks (SANS, NIST).
Practical experience with MITRE ATT&CK and Threat Hunting methodologies in IT and OT environments.
Experience managing MSSP/MDR providers and enforcing SLA-driven service quality.
Understanding of AI/ML concepts in the context of cybersecurity automation and anomaly detection.
Strong crisis management skills and ability to coordinate under high-pressure incident conditions.