Role Summary
As the Security Practice Lead, you will be the visionary and operational head responsible for evolving our current basic SOC engagement into a world-class MSSP Security Practice. You will lead the integration of advanced SIEM, EDR, and SOC solutions, specifically optimized for AWS environments. Your mission is to build a scalable security service catalog, manage strategic partnerships with ISVs and AWS, and provide high-level technical consultancy to our enterprise customer base.
Key Roles & Responsibilities
1. Strategic MSSP Evolution & Leadership
- Practice Building: Define the roadmap to transition from a basic reactive SOC to a proactive, multi-tenant MSSP model.
- Team Scaling: Recruit, mentor, and scale a high-performing team of SOC Analysts (L1/L2/L3) and Security Engineers.
- Partnership Management: Act as the primary technical point of contact for AWS Security Teams and ISV Partners (e.g., CrowdStrike, SentinelOne, Splunk, Palo Alto) to co-build security solutions.
- Service Design: Develop standardized Security-as-a-Service offerings, including pricing models, SLAs, and reporting templates for a shared customer base.
2. Technical Architecture & Solutions (SOC/SIEM/EDR)
- Advanced SIEM/SOAR: Lead the implementation and fine-tuning of SIEM platforms (e.g., AWS Security Lake, Microsoft Sentinel, or Splunk) and automate responses using SOAR playbooks.
- EDR/XDR Integration: Oversee the deployment and management of Endpoint Detection and Response (EDR) solutions across diverse customer environments.
- AWS Security Native Tooling: Architect solutions leveraging AWS GuardDuty, Security Hub, Inspector, and Detective to provide unified visibility.
- Customer Advisory: Act as a Virtual CISO for key clients, translating their business risks into technical security requirements and long-term roadmaps.
3. Offensive Security & VAPT
- VAPT Oversight: Lead and manage Vulnerability Assessment and Penetration Testing (VAPT) engagements.
- Remediation Tracking: Ensure that VAPT findings are not just reported but actively remediated through collaboration with the Cloud Engineering teams.
- Threat Hunting: Implement a continuous threat-hunting culture to identify sophisticated low-and-slow attacks that bypass automated alerts.
4. Governance, Risk & Compliance (GRC)
- ITIL Framework: Ensure all security operations align with ITIL standards for Incident, Change, and Problem Management.
- Compliance Alignment: Ensure the MSSP practice helps customers meet regulatory requirements such as SOC2, PCI-DSS, HIPAA, and GDPR within AWS.
Technical Skills & Qualifications
Security Operations
Expert knowledge of SOC workflows, Triage, and Incident Response in a multi-tenant (Shared) environment.
SIEM / EDR
Hands-on experience with at least two major SIEMs and EDR platforms.
Cloud Security
Strong understanding of the AWS Shared Responsibility Model, VPC Security, and Identity Governance.
Offensive Security
Practical knowledge of OWASP Top 10, MITRE ATT&CK framework, and VAPT tools (Nessus, BurpSuite, Metasploit).
Automation
Ability to advocate for Security as Code using Python or Terraform to automate security guardrails.
Experience Requirements
- Overall IT Experience: 10+ years, with at least 6 years dedicated to Cyber Security operations.
- MSSP Experience: Minimum 3 years working in a leadership or senior architectural role within an MSSP or Managed Services environment.
- Customer Facing: Proven track record of handling technical presales, scoping projects, and managing executive-level stakeholders.
Required & Preferred Certifications
- Mandatory: ITIL Foundation or Intermediate.
- Preferred:CCSP (Certified Cloud Security Professional) or CCSK (Certificate of Cloud Security Knowledge).
- Gold Standard: CISSP, CISM, or AWS Certified Security – Specialty.
