Cybersecurity Lead

Position Overview

The Cybersecurity Lead serves as a hands-on technical leader responsible for uniting offensive and defensive security operations to continually improve the company’s ability to detect, respond to, and recover from cyber threats. This role will lead the Blue Team in managing and enhancing security monitoring tools, detection pipelines, and incident response processes, while also coordinating Red Team simulations that measure and improve the company’s defensive posture. Reporting to the Director of Cybersecurity, this leader bridges strategy and execution by emulating adversaries, strengthening controls, and transforming findings into actionable defense improvements.

Key Responsibilities

• Blue Team Operations and Tool Management:
  • Lead and oversee the management, configuration, and tuning of security detection and response platforms, including SIEM (e.g., Splunk, PANW, or Azure Sentinel), EDR/XDR (e.g., CrowdStrike, SentinelOne, Microsoft Defender), SOAR automation platforms, and network IDS/IPS, NDR, and threat intelligence platforms.
  • Ensure all detection tools are integrated for end-to-end visibility across endpoints, cloud environments, and production systems.
  • Define standards for log collection, parsing, and correlation to enhance alert accuracy and reduce false positives.
  • Drive continuous tuning of detection rules, signatures, and use cases to align with MITRE ATT&CK and emerging threats.
  • Collaborate with IT and Engineering teams to ensure security telemetry is fully integrated into cloud and CI/CD environments.
  • Oversee threat hunting, alert triage, and incident response playbook execution across the security stack.
  • Partner with DevOps and infrastructure teams to embed security monitoring hooks into hybrid environments and new deployments.
• Red Team and Offensive Security:
  • Design and conduct controlled adversary emulation exercises to test detection and response capabilities.
  • Execute attack chains including phishing, privilege escalation, persistence, and lateral movement using real-world TTPs.
  • Develop and maintain custom adversary scripts and payloads to simulate targeted threats.
  • Provide detailed post-exercise reports with actionable defensive improvement recommendations.
  • Collaborate with Blue Team engineers to operationalize detections based on Red Team findings.
• Incident Response and Continuous Improvement:
  • Lead or co-lead major incident response efforts, coordinating containment, investigation, and recovery.
  • Build and maintain detailed incident response runbooks, integrating lessons learned from purple team exercises.
  • Conduct root cause analysis and lead retrospectives that drive measurable improvements in detection and resilience.
  • Integrate threat intelligence and forensic insights into detection content and defensive playbooks.
  • Plan and execute adversarial simulations that validate threat detection, alert fidelity, and incident response readiness.
  • Develop the roadmap for continuous improvement of detection coverage, response automation, and control validation.
  • Serve as a technical escalation point for complex investigations, guiding both Red and Blue Team staff.
  • Translate technical results into executive-level insights that demonstrate risk reduction and readiness improvement.

Required Qualifications

• Education: Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
• Experience Required: 8+ years of cybersecurity experience, with proven leadership across Blue, Red, or Purple Team operations
• Demonstrated ownership of enterprise security detection tools, including SIEM, EDR/XDR, SOAR, and threat intelligence platforms
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, and threat emulation frameworks
• Deep technical expertise in areas such as endpoint and network forensics, cloud security monitoring (AWS, Azure, GCP), scripting and automation (Python, PowerShell, Bash), and security engineering in hybrid or production environments
• Proven ability to lead incident response and purple team exercises
• Certifications such as OSCP, GCFA, GCIH, GPEN, GXPN, or GCTI highly desirable
• Strong communication and leadership skills with the ability to engage both executive stakeholders and technical teams

Preferred Qualifications

• Experience in enterprise or production-scale environments, ideally within SaaS, networking, or hybrid cloud infrastructures
• Familiarity with DevSecOps practices, CI/CD pipeline security, and cloud-native monitoring
• Prior experience mentoring Blue Team analysts and managing tool life cycles and vendor relationships
• Exposure to purple team automation frameworks (e.g., AttackIQ, Caldera, Scythe)

Benefits & Perks

• Location: Hybrid
• Compensation: $140,000 - $185,000
• Join a dynamic team where your leadership will directly enhance the company’s cybersecurity posture, resilience, and innovation.