Lead the continuous improvement and optimisation of security tooling across email, endpoint, identity, cloud, network, and application domains.
Partner with SOC, Threat Intelligence, Vulnerability Management, and Cyber Engineering teams to close control gaps and strengthen detection and prevention capabilities.
Tune and enhance controls to reduce false positives, improve detection fidelity, and align defences with real-world attacker techniques (e.g., MITRE ATT&CK).
Establish tooling performance baselines and drive measurable improvements in control coverage and effectiveness.
Automate and streamline configuration management to reduce manual intervention and improve response and remediation efficiency.
Support governance, audits, and standards development by documenting control intent, configuration rationale, and operational procedures.
What’s Needed
8+ years’ experience in cybersecurity or IT, including 4+ years in hands-on security operations, engineering, infrastructure, or cloud roles.
Demonstrated experience configuring and optimising enterprise-scale platforms such as CrowdStrike, Microsoft Purview, Palo Alto, or equivalent technologies.
Strong working knowledge of enterprise security controls across endpoint, cloud, network, identity, and email domains — and how they fail in practice.
Experience collaborating closely with SOC and IT operations teams to improve detection coverage and operational resilience.
Familiarity with governance processes, configuration management, and change control disciplines.
Relevant certifications (e.g., CISSP, GCIH, Security+, Cloud Security certifications) and scripting capability (Python, PowerShell, or Bash desirable).
