
Senior Cybersecurity Defence Engineer / Manager
Job Description
Role Summary
The Senior Cybersecurity Defence Engineer is a hands-on, multi-hat security professional responsible for building security into solutions by design, engineering and operating security tooling and detection capabilities, and leading incident response execution. This role bridges security architecture, security engineering, and security operations, partnering closely with IT, cloud/platform teams, application owners, and external service providers to reduce risk, strengthen resilience, and improve detection and response outcomes.
Key Responsibilities
1) Security Architecture (Security by Design)
- Conduct threat modelling activities to support Security by Design across projects and solution lifecycles (e.g., STRIDE, attack trees, abuse cases).
- Assess new and existing technologies, architectures, and proposed systems (on-prem, cloud, hybrid, SaaS) to identify security gaps, design weaknesses, and control deficiencies.
- Define security requirements and design security controls across systems, networks, and cloud environments (identity, network segmentation, data protection, logging/monitoring).
- Partner with IT and project teams to translate requirements into implementable designs, reference patterns, and technical guardrails.
- Produce and maintain architecture deliverables such as threat model records, security design reviews, risk/exception documentation, and control mapping.
2) Security Engineering (Tooling, Hardening, Reliability)
- Deploy, configure, and maintain cybersecurity tools (e.g., SIEM, SOAR, EDR/XDR, SEG, NGFW, DLP, SASE, IAM, vulnerability scanning, cloud security platforms), ensuring secure configuration and operational reliability.
- Define secure configurations and provide IT with hardening requirements, remediation guidance, and prioritized recommendations aligned to risk.
- Monitor and tune security platforms to improve detection accuracy and operational performance; reduce false positives/negatives through continuous tuning.
- Handle operational engineering tasks such as alert triage support, rule tuning, use-case updates, and security tool health checks (agents, connectors, data ingestion).
- Troubleshoot and resolve security-related issues across infrastructure and applications, coordinating root-cause analysis with owning teams.
- Ensure controls and processes align with security standards, compliance requirements, and architectural principles.
- Document security controls, configurations, operational procedures, and runbooks/playbooks for repeatable operations.
3) Security Operations (Incident Response Leadership & Coordination)
- Serve as a primary Incident Responder in accordance with the organization's Incident Response (IR) plan; participate in the on-call rotation as required.
- Work closely with external service providers to review, validate, and prioritize escalated alerts, ensuring incidents are accurately classified and handled according to the IR plan.
- Coordinate with external providers during active incidents to execute containment actions (e.g., isolation, blocking, credential resets, segmentation) and preserve evidence as required.
- Direct eradication and recovery activities with IT and application owners, ensuring systems are restored safely and validated with enhanced monitoring.
- Act as the central communication hub during incidents, engaging IT teams, management, and affected business units; provide clear status updates, impact assessments, and next steps.
- Lead or contribute to post-incident reviews: document timelines, root causes, lessons learned, and drive corrective actions to prevent recurrence.
Required Qualifications
- 5+ years of cybersecurity experience spanning at least two of: security architecture, security engineering, SOC/incident response.
- Security Architecture exposure is beneficial; however, candidates with deep, end-to-end domain coverage across Architecture + Engineering + Operations may be considered for a more senior Manager-level position.
- Demonstrated hands-on experience designing and implementing security controls across enterprise infrastructure (Windows/Linux, AD, networking) and cloud environments (Azure/AWS/GCP).
- Strong experience with security tooling operations and detection engineering (log onboarding, correlation/detections, tuning, and response actions).
- Proven incident response experience including containment, eradication, and recovery coordination across multiple teams.
- Strong documentation skills: ability to create clear runbooks, playbooks, standards, and technical guidance for engineers and operators.
- Strong hands-on experience deploying, operating, and improving security tooling and detection capabilities across key categories, such as:
  - SIEM / log management (log onboarding, parsing, correlation, detections/use-cases)
  - EDR/XDR (endpoint visibility, investigation, response actions)
  - SOAR / case management (triage workflows, automation, response orchestration)
  - Vulnerability scanning / exposure management (scanning operations, prioritization, remediation validation)
  - Cloud security platforms (e.g., CSPM/CWPP-style controls, cloud logging and telemetry integration)
  with continuous tuning to improve detection quality and response effectiveness.
- Hands-on experience reviewing, assessing, and maintaining network security controls, including firewall and network security policy reviews, rule-base optimization, risk-based access validation, and remediation recommendations.
Preferred Qualifications / Certifications (Nice to Have)
- Security certifications such as CISSP, CISM, CCSP, or GIAC (e.g., GCIH, GCIA, GCED); cloud security certifications (Azure/AWS/GCP).
- Experience with SOAR automation and scripting (Python/PowerShell) to improve response and operational efficiency.
- Familiarity with security and control frameworks (e.g., NIST CSF/800-53, ISO 27001, CIS Benchmarks) and threat frameworks (MITRE ATT&CK).