Posted on: 30/12/2025
Description :
We are seeking a seasoned Security, Performance, and Compliance Lead to spearhead the governance of security policies, ensure infrastructure and application performance optimization, and drive compliance across industry frameworks and regulatory requirements.
The ideal candidate will blend technical proficiency with a deep understanding of cybersecurity controls, compliance standards (ISO 27001, SOC 2, GDPR, HIPAA, etc.), and performance engineering best practices.
Security Leadership :
- Conduct risk assessments, vulnerability scans, and penetration tests to identify and mitigate security risks.
- Oversee incident detection and response, working with internal and external stakeholders to resolve security threats.
- Lead the integration of DevSecOps practices into the SDLC and CI/CD pipelines.
- Coordinate security awareness training and ensure compliance with data protection protocols.
Performance Optimization :
- Implement performance tuning strategies for databases, servers, and web applications.
- Drive capacity planning, stress testing, and infrastructure benchmarking across environments.
- Collaborate with DevOps and Engineering teams to define and meet performance SLAs.
Compliance Management :
- Drive audit readiness, prepare documentation, and support external and internal audits.
- Define controls, evidence gathering, and corrective action plans in response to audit findings.
- Maintain compliance-related documentation and report regularly to leadership and risk committees.
Cross-Functional Collaboration :
- Collaborate with legal and risk teams on privacy impact assessments (PIAs) and data processing agreements (DPAs).
- Work closely with product and cloud teams to enforce security and compliance by design.
Required Qualifications & Skills :
- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related field.
- Strong understanding of security frameworks: NIST, ISO 27001, CIS Controls, OWASP Top 10.
- Proficiency in security tools such as Nessus, Burp Suite, Splunk, Qualys, CrowdStrike, etc.
- Experience with cloud platforms (AWS, Azure, GCP) and associated security/compliance offerings.
- Solid grasp of DevSecOps, container security, and infrastructure-as-code principles.
- Familiarity with compliance platforms (Vanta, Drata, Tugboat Logic) and GRC tools (RSA Archer, ServiceNow GRC).
Preferred Certifications :
- Strong analytical and critical thinking abilities.
- Ability to work in a fast-paced environment and lead under pressure.
- Proactive, detail-oriented, and a team leader with a risk-based mindset.
Posted in
CyberSecurity
Functional Area
IT Security
Job Code
1595548