Cyber Operations Team Lead


Job Location: Colombo - Sri Lanka

Monthly Salary: Not Disclosed
Posted on: 18 hours ago
Vacancies: 1 Vacancy

Job Summary

  • Team Leadership and Management

Lead, mentor and develop a team of Threat Operations Analysts, ensuring high-quality output and strong technical performance.

Oversee day-to-day workflow, case allocation and SLA management.

Conduct regular quality reviews of analyst findings, advisories and attribution assessments.

Support hiring, onboarding, training and ongoing professional development of team members.

  • Operational Oversight

Ensure accuracy, consistency and timeliness of threat and vulnerability notifications delivered to customers.

Monitor operational metrics, case volumes, detection triggers and workload distribution.

Drive continuous improvement of processes, documentation and internal playbooks.

Coordinate closely with Threat Research Teams to ensure smooth integration of new detection patterns, use cases and scanning methodologies.

  • Technical Escalation

Serve as the senior escalation point for complex exposure validation, disputed asset ownership, unusual detections or high-impact vulnerabilities.

Support Underwriting, Customer Support and Claims with expert analysis when required.

  • Cross-Team Collaboration

Work with Threat researchers to feed back real-world findings, false positive trends and enhancement opportunities for detection pipelines.

Collaborate with the Cyber Engineering and Data teams on tooling, automation and dataset improvements.

Ensure alignment between Onsite and Sri Lanka Cyber Operations teams.

  • Customer and Stakeholder Engagement

Oversee the quality of outbound advisories and ensure communications meet standards.

Engage directly with brokers or customers for complex cases requiring senior technical clarification.

Represent the Cyber Operations function in internal reviews, presentations and cross-department initiatives.

  • Strategic Contribution

Help shape the roadmap of the Cyber Operations function and contribute to the evolution of risk-reduction services.

Identify operational gaps, process inefficiencies and opportunities for automation or improved accuracy.

Support the rollout of new service lines, detection logic and operational capabilities.

Requirements

  • Strong foundational understanding of networking (TCP/IP, ports, protocols) and common internet-facing services.

  • Excellent grasp of vulnerability mechanics, CVE/CVSS scoring, adversary behaviours and exploitation principles.

  • Experience using exposure assessment tools and datasets (Shodan, Censys, LeakIX, Nuclei, DNS/WHOIS investigations).

  • Ability to review and validate complex attribution or mitigation scenarios.

  • Skilled at translating technical issues into clear, actionable, customer-ready communication.

  • Senior experience in a cyber operations, SOC, MSSP, threat monitoring or similar environment.

  • Demonstrated experience leading or mentoring analysts or managing operational workflows.

  • Proven background in exposure validation or threat verification.

  • Experience working across distributed teams is advantageous.

Certifications (Desired but Not Essential)

  • CompTIA Security+, CySA+, Network+ or equivalent vendor-neutral certifications.

  • GIAC, eLearnSecurity or other advanced training is beneficial.
