S2 Team Lead (Manager) Networks Security & Escalations

Role Purpose

Why S2 Exists

S2 exists to protect client operations by owning the hard problems:

• Escalations from S1
  
• Networking reliability and performance
  
• Cybersecurity controls and continuous risk reduction
  
• Complex incident response and prevention
  
• Standards that scale across the client base
  

You make S2 predictable measurable and calm even when production is on fire.

90-Day Mission

Definition of Done

By Day 90 S2 is running like a machine:

• Clear escalation rules fast triage and repeatable fixes
  
• Monitoring/alert discipline with reduced noise and faster action
  
• Network/security standards applied consistently
  
• Root-cause reduction: fewer repeat incidents fewer recurring tickets
  
• Scoreboards visible weekly with accurate BU reporting
  
• Engineers accountable trained and shipping quality work
  

Primary Outcomes

What Success Looks Like

Operational

• Reduced repeat escalations and same-issue tickets
  
• Faster resolution on high-severity incidents
  
• Stable client networks (uptime performance fewer outages)
  
• Security posture improving across clients (coverage controls)
  

Leadership

• Clear role ownership inside S2
  
• Strong daily/weekly rhythms (triage prioritisation reviews)
  
• Coaching and upskilling happening continuously
  
• SOP discipline is real (not optional)
  

Commercial

• S2 projects scoped cleanly delivered profitably and documented
  
• BU Sales Consultant supported with accurate scope/BOM and commercial clarity
  
• Work is invoiced cleanly through the BU commercial process (no revenue leakage)
  

Key Responsibilities

Escalations Leadership (Core)

• Own the S1S2 escalation pathway (definitions priorities exit criteria)
  
• Ensure triage happens quickly with clear comms and next steps
  
• Drive incident resolution to completion (not workarounds only)
  
• Implement preventive measures to reduce repeat escalations
  
• Maintain escalation SOPs and train S1 on what good escalation looks like
  

Networking Operations (Core)

• Own client network standards: switching routing Wi-Fi firewall config standards
  
• Ensure documentation and diagrams are current and usable
  
• Improve stability and performance through proactive maintenance
  
• Implement change control for network changes (risk management)
  

Security Operations (Core)

• Own baseline security controls and continuous improvements
  
• Ensure patching vulnerability remediation endpoint standards and identity/access basics are enforced (as per your stack)
  
• Lead incident response for security events (containment remediation reporting)
  
• Create and maintain security runbooks and client security improvement roadmaps
  

Monitoring Alerting and Response Discipline

• Ensure monitoring is meaningful (reduce alert noise increase signal)
  
• Define response rules: who acts when and how
  
• Track MTTA/MTTR and improvements over time
  

Projects and Delivery Management (with S3 and BU Sales Consultant)

• Produce clean technical scope BOMs and project plans
  
• Ensure delivery quality sign-off and handover documentation
  
• Prevent scope creep and uncontrolled free work
  
• Coordinate with S3 where cloud/automation overlaps
  

People Leadership and Performance

• Set clear roles and expectations for S2 engineers
  
• Weekly 1:1s and skill development plans
  
• Run peer reviews and post-incident reviews
  
• Hire/interview input where needed
  

SOP and Quality Enforcement (Non-Negotiable)

• Build/maintain S2 SOPs: escalation network changes firewall rules incident response documentation standards handovers
  
• Audit compliance and correct behaviour fast
  
• Stop-the-line rule: unclear scope clarify before executing
  

KPIs / Scorecard

Weekly Monthly

Operational Metrics

• Escalations received vs resolved (weekly)
  
• Repeat escalation rate (same client/same root cause)
  
• MTTA (mean time to acknowledge) for critical incidents
  
• MTTR (mean time to resolve) for critical incidents
  
• Network incident count and downtime minutes (where measurable)
  
• Change failure rate (changes that cause incidents)
  

Security Metrics

• High-risk findings opened vs remediated
  
• Patch compliance / remediation SLA adherence
  
• Security incidents: count severity containment time
  
• MFA/identity control coverage (where applicable)
  

Quality & Compliance

• Documentation completeness score (diagrams configs passwords/secure vault references runbooks)
  
• SOP compliance audit score
  
• Ticket quality (notes root cause resolution steps)
  

Commercial / Delivery

• Project delivery on time/on scope
  
• Rework rate
  
• Scope/BOM handoff quality to BU Sales Consultant
  
• Revenue leakage incidents (missed billables due to poor handoffs) target: zero
  

Non-Negotiables

Behavioural Rules

• Calm and decisive under pressure
  
• Documentation is part of the job not a nice to have
  
• No hero culture: systems beat legends
  
• Strong handoffs and cross-BU collaboration
  
• SOP compliance is enforced not suggested
  

30 / 60 / 90-Day Plan

Operational Decentralised Command Aligned

Days 030: Stabilise and Create the Operating System

• Audit current S2 load: top 20 recurring escalations top 10 client risks
  
• Define escalation entry criteria minimum info required from S1
  
• Implement weekly S2 scoreboard and review cadence
  
• Create/update top 10 SOPs (escalation firewall change incident response documentation standard)
  
• Start post-incident reviews for critical events
  
• Quick wins: reduce alert noise fix the loudest repeat problem
  

Deliverables by Day 30

• S2 escalation SOP S1 escalation checklist
  
• Scoreboard live weekly
  
• Documentation baseline standard published
  
• First reduction in repeat escalations trend
  

Days 3160: Improve Quality Speed and Standards

• Establish standard network/security baselines across clients (phased)
  
• Introduce change control discipline for risky changes
  
• Start skills development plans for S2 team members
  
• Improve MTTR by tightening triage comms and ownership
  
• Build a prevention backlog (root-cause fixes prioritised by impact)
  

Deliverables by Day 60

• Visible reduction in repeat escalations
  
• Network/security baseline rollouts started (tracked)
  
• Monitoring/alert response rules formalised
  

Days 6190: Scale Predictability and Commercial Impact

• Mature incident response and post-incident learning loop
  
• Reduce reactive load through prevention work
  
• Tighten project handoffs to BU Sales Consultant (scope/BOM quality)
  
• Ensure billing capture discipline: no work without traceable scope and handover
  
• Create S2 playbook for recurring scenarios
  

Deliverables by Day 90

• S2 runs predictably with measurable improvements
  
• Prevention engine operating (fewer repeats)
  
• BU reporting reliable enough for forecasting and planning
  

Benefits

Earning Potential

Your income should grow when your performance drives stability security and operational excellence.

This is a leadership role where your impact on uptime risk reduction and delivery quality directly contributes to business performance.

This is how we do that at Ello:

• Competitive market-related salary aligned to leadership level
  
• A role built around ownership performance and measurable outcomes
  
• Opportunity to increase your value as your operational impact grows
  

Performance Recognition

Not just activity. Leadership accountability and real operational results.

At Ello Technology we value leaders who reduce chaos build systems and create predictable outcomes.

This is how we do that at Ello:

• We recognise strong technical leadership and decision-making under pressure
  
• We value consistency discipline and execution
  
• We reward improvements in uptime stability and team performance
  
• We make meaningful contributions visible and appreciated
  

Career Growth

This should feel like a step into serious technical and operational leadership.

We are looking for someone who wants to grow into broader responsibility across infrastructure security and operations.

This is how we do that at Ello:

• Exposure to cross-BU technical leadership and strategic decision-making
  
• Opportunity to grow into senior operations or architecture leadership roles
  
• Increasing ownership as systems mature and performance is proven
  
• A performance-led environment where strong leaders can rise
  

Coaching and Development

Good engineers solve problems. Great leaders build systems teams and standards.

This role gives you the opportunity to grow beyond technical execution into leadership and operational excellence.

This is how we do that at Ello:

• Hands-on leadership experience with a high-impact technical team
  
• Exposure to performance systems scorecards and operational structure
  
• Continuous learning through real-world incident response and improvement
  
• Feedback that is direct practical and designed to help you lead better
  

Meaningful Work and Culture

High standards. Strong support. Real impact.

At Ello Technology S2 is responsible for the most critical client environments. Your work directly affects uptime security and business continuity.

This is how we do that at Ello:

• You protect and improve real business operations
  
• You reduce risk and build stronger client environments
  
• You operate in a driven ambitious environment where standards matter
  
• You help create a business that is stable scalable and trusted