Security Defense and Operation Lead

**Purpose of the Job**
- To lead the operational defense of the AECI’s digital infrastructure by coordinating incident response, managing vulnerability remediation, and maintaining critical security controls.
- This role ensures that threats identified by the v Security Operations Center (SOC) are swiftly addressed, security incidents are resolved, and endpoint and network protections are continuously optimized.
- The position plays a key role in safeguarding business continuity, minimizing cyber risk exposure, and supporting compliance with internal and external security standards.

**Key Internal Stakeholders**
- IT Infrastructure and Operations Teams - for coordinating patching, vulnerability remediation, and endpoint protection.
- Service Desk - for executing incident response actions and escalating security alerts.
- SOC and Vulnerability Management Providers - for threat detection, alert triage, and vulnerability scanning.
- Application Security and DevSecOps Teams - for integrating response playbooks and ensuring secure development practices.
- Risk & Compliance Team - for aligning incident response with audit and compliance requirements.

**Key External Stakeholders**
- Third-party Security Vendors - including EDR, SOC, and vulnerability scanning service providers.
- Managed Security Service Providers (MSSPs) - where applicable, for outsourced monitoring or incident support.
- Auditors and Regulatory Bodies - during security audits or post-incident reviews

**Key Performance Areas Input**
- SOC alerts and threat intelligence Lead incident remediation for threats identified by the virtual Security Operations Center (SOC), ensuring timely and effective containment and recovery.
- External vulnerability scans and internal IT coordination Coordinate vulnerability remediation, ensuring vulnerabilities are tracked, prioritized, and resolved in collaboration with IT teams.
- Security incident logs and patch reports Verify resolution of security incidents and validate that patching activities are completed and effective.
- Vulnerability management workflows Optimize alert handoffs and reporting workflows, reducing false positives and improving response efficiency.
- Endpoint Detection & Response (EDR) and network segmentation tools Maintain and monitor critical security controls, ensuring continuous protection and compliance with security baselines.
- Service provider SLAs and performance metrics Monitor third-party performance, ensuring vSOC and vulnerability management providers meet contractual obligations and service levels.
- Threat scenarios and operational procedures Develop and maintain unified response playbooks for technical teams, enabling consistent and rapid response to incidents

**Qualifications & Experience**:

- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
- Industry-recognized cybersecurity certifications such as:

- Certified Information Systems Security Professional (CISSP)
- GIAC Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)
- CompTIA Security+ or CySA+
- Microsoft certifications aligned to security operations and threat response:

- SC-200: Microsoft Security Operations Analyst - focused on threat detection, investigation, and response using Microsoft Defender and Sentinel
- SC-300: Microsoft Identity and Access Administrator - relevant for IAM and access control integration
- SC-900: Microsoft Security, Compliance, and Identity Fundamentals - foundational knowledge of Microsoft security and compliance solutions
- Familiarity with Microsoft Defender for Endpoint, Microsoft Sentinel, and other Microsoft 365 security tools is highly advantageous.
- Additional training in incident response, vulnerability management, and EDR platforms is recommended.
- 6-10 years of progressive experience in cybersecurity operations, including hands-on incident response and threat remediation.
- Proven experience managing or working closely with a virtual Security Operations Center (SOC) and vulnerability management platforms.
- Strong background in coordinating patch management and vulnerability remediation across IT and infrastructure teams.
- Experience maintaining and optimizing endpoint detection and response (EDR) tools and network segmentation controls.
- Demonstrated ability to develop and implement incident response playbooks and operational workflows.
- Familiarity with managing third-party security service providers and evaluating their performance.
- Exposure to enterprise IT environments, preferably with SAP, Active Directory, and hybrid cloud infrastructure.

**Personal Attributes**
- Incident response coordination and remediation leadership
- Vulnerability management and patch lifecycle coordination
- Security control implementation and optimization (e.g., EDR, network segmentation)
- Workflow design and automation for SOC alert handling and reporting
- Technical writing for playbooks and response procedures
- F