What we are looking for
Noon's Group Cybersecurity is looking for a senior leader in the capacity of Senior Manager, Security Operations (Detection and Response) to build and own an internal MSSP-grade Security Operations (Detection and Response) practice end to end across the noon group of companies.
This is a high-stakes builder role. You will come in to formulate most of the function and take it from 1->10, including the operating model, the engineering standards, the incident response muscle, and the accountability system that keeps delivery moving.
You will build a modern, cloud-native Security Operations capability that is MSSP-grade in rigor and reliability, built to serve an internal group of companies, including: service discipline, consistent processes, measurable SLAs, and high-quality reporting packs, while remaining deeply embedded with our engineering and operations teams so response is fast, practical, and effective.
This role requires deep technical judgment across detection and response, alongside executive-grade rigor on metrics, accountability, and decision-making. The outcomes rest on high-signal detections, fast containment, strong incident command, and automation-first workflows that scale across UAE, KSA, Egypt, and India.
You will be the focal point for security monitoring, investigation, response execution, and coordination during incidents, and you will also set the long-term standards for how we measure SecOps effectiveness, how we run incidents, and how we continuously improve detections based on real attacker behaviors, TTPs, and intelligence.
Key Responsibilities
Build and lead noon Group's centralized Detection and Response function from first principles, with a security engineering culture rather than a traditional SOC.
Design the D&R operating model across all entities including severity taxonomy, escalation paths, on-call model, and single accountable owner rules.
Establish MSSP-grade service discipline including response targets, KPIs, SLAs, weekly metrics packs, monthly narratives, quality gates, and operational reviews that hold owners accountable.
Own detection engineering outcomes across SIEM and EDR including coverage strategy, detection lifecycle management, tuning, validation, retirement, and documentation.
Create a detection quality system that measures signal-to-noise, time-to-triage, time-to-containment, repeat-incident classes, and detection effectiveness against real adversary behaviors.
Build the incident response muscle across the group including playbooks, incident command standards, evidence handling, communications templates, and post-incident learning that translates into engineering changes.
Lead high-severity incidents as incident commander when required and ensure calm, rigorous execution across stakeholders.
Drive automation-first operations including SOAR playbooks, enrichment pipelines, containment workflows, and scripting to remove toil and increase response speed.
Own telemetry health and visibility including onboarding standards, log quality controls, and monitoring that prevents blind spots across identity, endpoints, cloud, SaaS, and critical business systems.
Run proactive defense routines including threat hunting, validation sprints, and purple-team style exercises that continuously improve detection fidelity.
Build tight interfaces with Red Team, Product Security, Cloud Security, DevOps, and IT, with minimal executive escalation, so operational detections reliably translate into preventive controls and durable fixes.
Build and lead the team through hiring, onboarding, training, coaching, performance standards, and a culture of engineering rigor and operational excellence.
Who we need
10 to 15 years of progressive experience in cyber defense spanning detection engineering, incident response, and security operations leadership in complex, high-scale environments.
Demonstrated experience building a high-performing MSSP-grade discipline or multi-environment detection and response practice with measurable outcomes, not running a traditional SOC.
Strong technical depth in SIEM and EDR engineering including detection strategy, correlation logic, response workflows, telemetry pipelines, and log quality practices.
Demonstrated major incident leadership experience including incident command, cross-functional coordination, executive communications, and actionable post-incident remediation.
Strong understanding of modern attack paths across cloud, identity, endpoints, SaaS, and web applications with ability to translate TTPs into durable detections and response playbooks.
Strong engineering mindset with practical coding and automation capability in Python, Go, or similar, and evidence of materially reducing manual toil.
Ability to design and run the function's operating system, including KPIs, OKRs, dashboards, quality gates, and recurring operating reviews that drive accountability and execution.
Strong stakeholder influence and ability to drive outcomes through engineering and operations teams without formal authority using clarity, rigor, and escalation discipline.
Comfortable operating across multiple geographies and time zones with structured cadence, crisp communication, and high standards.
Track record of hiring and developing strong teams, setting a high bar, and sustaining calm performance during high-pressure incidents.
Preferred experience
Experience in large consumer internet, e-commerce, fintech, payments, logistics, or marketplace environments where threats include account takeover, fraud, abuse, bots, and high-volume identity events.
Experience operating in an MSSP, MDR, or similarly SLA-driven environment, and applying that discipline inside an enterprise security org.
Experience building detection-engineering-as-code practices including version control, peer review, testing, release management, and regression validation.
Experience implementing SOAR and response automation at scale with clear measurement of time saved and response improvement.
Experience running threat hunting programs tied to detection improvement and measurable coverage gains.
Experience partnering with cloud and platform teams to embed security telemetry and detection requirements into infrastructure standards and golden paths.
Experience operating in audit-heavy environments with strong evidence practices, repeatable reporting, and consistent control validation.
Certifications are a nice bonus, not the priority. If you have GCIH, GCFA, GCDA, or AWS/GCP security certs, great. What matters most is demonstrated ability and consistently delivering high-impact outcomes.
Job ID: 136995581