Security Operations Center Team Lead

Bogota, Colombia

About the job:
We are seeking a bilingual, experienced and highly skilled Security Operations and Engineering Lead to join our team. The ideal candidate will have a strong background in security operations (monitoring, detection and response) as well as in managing security infrastructure, vulnerability management, and threat intelligence and hunting. You will lead the efforts to monitor, detect, analyze and respond to security incidents, and will manage the organization's security infrastructure, vulnerability management, and threat intelligence and hunting programs, ensuring that the organization's networks, systems, applications and data remain secure against evolving cyber threats. This leadership role focuses on enhancing the effectiveness of our security operations.

This position is 100% remote in Colombia.

Key Responsibilities:

Security Infrastructure Management:

  • Lead and manage the design, implementation, operation and maintenance of enterprise security infrastructure.
  • Oversee the deployment and management of security technologies such as CSPM, firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP, SIEM systems, Microsoft Entra Privileged Identity Management and encryption solutions, among others.
  • Monitor and ensure the availability and operational effectiveness of security controls to protect against internal and external threats.

Vulnerability Management:

  • Lead vulnerability management efforts, including regular vulnerability assessments and scanning across all systems and applications. The following types of tests must be planned, scheduled and performed:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Interactive Application Security Testing (IAST)
    • Software Composition Analysis (SCA)
    • Infrastructure Vulnerability Scanning
    • Container Vulnerability Scanning
  • Identify, assess, and prioritize vulnerabilities based on risk and impact, and coordinate the remediation process across relevant teams.
  • Track and report on vulnerability mitigation progress and ensure compliance with internal and external security requirements.
  • Collaborate with development and IT teams to ensure that security best practices are integrated into the secure software development life cycle (SSDLC) to avoid known vulnerabilities.

Threat Intelligence and Threat Hunting:

  • Manage the threat intelligence lifecycle, including the collection, analysis, and dissemination of actionable threat intelligence to proactively identify and mitigate potential cyber threats.
  • Lead threat hunting efforts to actively search for indicators of compromise (IOCs), advanced persistent threats (APTs), and other malicious activity within the organization's networks and systems.
  • Work with internal teams and external vendors to enhance threat intelligence feeds, ensuring they are current and relevant.
  • Identify and provide the latest threat landscape and intelligence findings as input to develop and update incident response playbooks.
  • Provide strategic recommendations to leadership based on emerging threats and security trends.

Cyber Monitoring and Detection:

  • Lead the design, implementation, and management of security monitoring systems and processes to detect potential security incidents.
  • Oversee and optimize the use of Security Information and Event Management (SIEM) tools, including configuring alerts, use cases, dashboards, and reports to identify malicious activity and anomalies.
  • Ensure continuous monitoring of network, system, and application logs to detect threats in real-time, including the use of threat intelligence feeds and anomaly detection techniques.
  • Fine-tune detection rules and reduce false positives, ensuring that high-fidelity alerts are generated.

Security Incident Response:

  • Design, implement, lead and manage the end-to-end incident response process, including preparation, detection, analysis, containment, eradication, recovery and post-incident activities.
  • Coordinate with internal and external stakeholders (IT, legal, communications, etc.) to ensure timely and effective handling of security incidents.
  • Develop, update, and test incident response playbooks, ensuring they are aligned with the industry’s best practices and regulatory requirements.
  • Manage and refine security monitoring tools and procedures, ensuring they are aligned with organizational goals and risk management strategies.
  • Conduct post-incident reviews to identify root causes, weaknesses, and opportunities for the organization’s security posture improvement.
  • Conduct regular simulations (tabletop exercises, red teaming) to enhance the preparedness of the team and the organization in dealing with potential cyber incidents.

Threat Intelligence Integration:

  • Integrate threat intelligence feeds and indicators of compromise (IOCs) into security monitoring systems to enhance proactive detection capabilities.
  • Leverage threat intelligence to inform incident response activities, providing context to security alerts and helping to identify emerging threats.

Leadership, Collaboration & Reporting:

  • Identify, design, plan and lead the implementation of automation opportunities.
  • Continuously improve the processes under your responsibility.
  • Collaborate with cross-functional teams (e.g., IT, development, operations) to ensure the alignment of security practices with internal and external security requirements.
  • Lead the evaluation and selection of third-party vendors or tools for monitoring, detection and incident response, as well as for threat, vulnerability and security infrastructure management.
  • Provide expert guidance on monitoring, detection and incident response, as well as on threat and vulnerability management, to all levels of the organization.
  • Provide regular status reports and metrics on monitoring, detection and incident response activities (incidents, response times, trends, etc.), as well as on threat, vulnerability and security infrastructure management, to senior leadership, offering actionable insights and recommendations for improvement.
  • Provide detailed reports on security incidents, including findings, root causes, impact analysis, actions taken and lessons learned.
  • Maintain clear and accurate records of security incidents for audit and compliance purposes.

Key Qualifications:

  • Bilingual (English - Spanish) B2/C1.
  • Education:
    • Bachelor’s degree in computer science. Post-graduate degree in cyber/information security is a plus.
  • Certifications:
    • CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) preferred.
    • Certifications in incident response, threat hunting and/or security operations (e.g., GCIH, GCFA) are highly desirable.
    • CEH and/or technical certifications related to threat intelligence, threat hunting and/or vulnerability management are highly desirable.
  • Experience:
    • 7+ years of experience in cybersecurity, with at least 3 years in a threat intelligence, threat hunting, vulnerability management, monitoring, detection and incident response leadership role.
    • Proven experience in leading security operations teams, managing large-scale security incidents, and implementing incident response plans.
    • Proven experience in security infrastructure management and security technologies (e.g., CSPM, firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP, SIEM systems, Microsoft Entra Privileged Identity Management and encryption solutions, among others).
    • Proven experience in vulnerability management, threat intelligence and threat hunting.
    • Hands-on experience configuring, operating and managing SIEM platforms (Splunk, QRadar, ArcSight, etc.) and other security/monitoring tools (e.g., firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP).
    • Hands-on experience in threat hunting, leveraging tools such as ELK stack, Splunk, and similar platforms.
    • Experience in threat hunting, malware analysis and forensics.
    • Experience in cloud security is a plus (Azure, AWS, Google Cloud, etc.).
  • Skills & Competencies:
    • Strong knowledge of security incident management, threat detection, and response methodologies (e.g., NIST, SANS).
    • Strong knowledge of network services and protocols, security protocols and technologies.
    • Strong knowledge of vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) and patch management platforms.
    • Strong knowledge of threat intelligence platforms and frameworks (e.g., MISP, STIX, TAXII, MITRE ATT&CK).
    • Communication and presentation skills, with the ability to engage stakeholders.
    • Ability to stay current and adapt quickly to new regulations, emerging security trends, tools, and technologies.
    • Strong problem-solving and analytical skills, with the ability to manage complex security challenges.
    • Ability to remain calm under pressure and effectively manage high-stress situations.

Interested in building your career at Quetzal International Services, SAS? Get future opportunities sent straight to your email.