hirist

Job Description

About the Role :

The Cyber Defense function acts as the organization's first line of defense against cyber threats, responsible for monitoring, threat intelligence, proactive threat hunting, and incident response. The team works closely with Security Engineering and Assurance teams to strengthen detection coverage, reduce response time, and continuously evolve our defense posture against emerging threats.

Key Responsibilities :

- Lead and operate the Security Operations Center (SOC) for continuous enterprise monitoring

- Detect and analyze threats across endpoint, network, identity, cloud, and application environments

- Maintain and enhance detection logic, correlation rules, and threat models for evolving attack patterns

- Lead threat intelligence operations, tracking adversary behavior and campaigns aligned with MITRE ATT&CK

- Conduct proactive threat hunting to identify advanced or stealth threats beyond automated detection

- Manage incident triage, containment, eradication, recovery, and digital forensics investigations

- Perform malware analysis and reverse engineering for high-severity incidents

- Develop and refine incident response playbooks and escalation frameworks

- Coordinate with Legal, HR, Communications, and Engineering teams during major incidents

- Leverage SIEM, SOAR, and XDR platforms for automation, enrichment, and faster incident response

- Lead purple team exercises and detection validation programs to measure response readiness

- Monitor attack surface intelligence and emerging threat vectors across the enterprise

- Publish threat advisories and intelligence reports for internal stakeholders

- Track and improve key security metrics such as MTTD, MTTR, detection accuracy, and false positives

- Build data-driven dashboards and insights for leadership and the CISO office

Strategic Outcomes :

- Early detection and rapid containment of cyber threats

- Intelligence-led proactive cyber defense operations

- Improved visibility across hybrid environments (cloud, on-premise, network, and endpoints)

- Enhanced forensic readiness and incident coordination

- Stronger cyber resilience and detection maturity across the enterprise

Skills & Expertise :

- Strong knowledge of network protocols (TCP/IP, DNS, HTTP, SMTP) and log analysis

- Deep understanding of SIEM, SOAR, EDR/XDR, and Threat Intelligence platforms

- Experience securing cloud environments (AWS, Azure, GCP)

- Familiarity with threat frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model

- Expertise in incident response, digital forensics, malware analysis, and threat hunting

- Hands-on experience with automation or scripting (Python, PowerShell, Bash) for detection and analysis

- Understanding of identity, email, and SaaS threat detection, and of attack surface management

What's in it for You :

- Flexible work model - Hybrid or in-office

- Strong focus on learning, development, and career growth

- Comprehensive health, wellness, and benefits programs

- Opportunity to help shape and strengthen enterprise cyber resilience
