About the job Cyber Operations Team Lead
- Team Leadership and Management
Lead, mentor, and develop a team of Threat Operations Analysts, ensuring high-quality output and strong technical performance.
Oversee day-to-day workflow, case allocation, and SLA management.
Conduct regular quality reviews of analyst findings, advisories, and attribution assessments.
Support hiring, onboarding, training, and ongoing professional development of team members.
- Operational Oversight
Ensure accuracy, consistency, and timeliness of threat and vulnerability notifications delivered to customers.
Monitor operational metrics, case volumes, detection triggers, and workload distribution.
Drive continuous improvement of processes, documentation, and internal playbooks.
Coordinate closely with Threat Research Teams to ensure smooth integration of new detection patterns, use cases, and scanning methodologies.
- Technical Escalation
Serve as the senior escalation point for complex exposure validation, disputed asset ownership, unusual detections, or high-impact vulnerabilities.
Support Underwriting, Customer Support, and Claims with expert analysis when required.
- Cross-Team Collaboration
Work with Threat Researchers to feed back real-world findings, false-positive trends, and enhancement opportunities for detection pipelines.
Collaborate with the Cyber Engineering and Data teams on tooling, automation, and dataset improvements.
Ensure alignment between Onsite and Sri Lanka Cyber Operations teams.
- Customer and Stakeholder Engagement
Oversee the quality of outbound advisories and ensure communications meet standards.
Engage directly with brokers or customers for complex cases requiring senior technical clarification.
Represent the Cyber Operations function in internal reviews, presentations, and cross-department initiatives.
- Strategic Contribution
Help shape the roadmap of the Cyber Operations function and contribute to the evolution of risk-reduction services.
Identify operational gaps, process inefficiencies, and opportunities for automation or improved accuracy.
Support the rollout of new service lines, detection logic, and operational capabilities.
Requirements
- 9+ years of experience
- Strong foundational understanding of networking (TCP/IP, ports, protocols) and common internet-facing services.
- Excellent grasp of vulnerability mechanics, CVE/CVSS scoring, adversary behaviours, and exploitation principles.
- Experience using exposure assessment tools and datasets (Shodan, Censys, LeakIX, Nuclei, DNS/WHOIS investigations).
- Ability to review and validate complex attribution or mitigation scenarios.
- Skilled at translating technical issues into clear, actionable customer-ready communication.
- Senior experience in a cyber operations, SOC, MSSP, threat monitoring, or similar environment.
- Demonstrated experience leading or mentoring analysts or managing operational workflows.
- Proven background in exposure validation or threat verification.
- Experience working across distributed teams is advantageous.
Certifications (Desired but Not Essential)
- CompTIA Security+, CySA+, Network+, or equivalent vendor-neutral certifications.
- GIAC, eLearnSecurity, or other advanced training is beneficial.