Security Defence and Operation Lead
ZA

To lead the operational defence of the AECI’s digital infrastructure by coordinating incident response, managing vulnerability remediation, and maintaining critical security controls. This role ensures that threats identified by the Security Operations Center (SOC) are swiftly addressed, security incidents are resolved, and endpoint and network protections are continuously optimised. The position plays a key role in safeguarding business continuity, minimising cyber risk exposure, and supporting compliance with internal and external security standards.
Roles and Responsibilities
- Lead incident remediation for threats identified by the virtual Security Operations Center (SOC), ensuring timely and effective containment and recovery.
- Coordinate vulnerability remediation, ensuring vulnerabilities are tracked, prioritised, and resolved in collaboration with IT teams.
- Verify resolution of security incidents and validate that patching activities are completed and effective.
- Optimise alert handoffs and reporting workflows, reducing false positives and improving response efficiency.
- Maintain and monitor critical security controls, ensuring continuous protection and compliance with security baselines.
- Monitor third-party performance, ensuring vSOC and vulnerability management providers meet contractual obligations and service levels.
- Develop and maintain unified response playbooks for technical teams, enabling consistent and rapid response to incidents.
Qualifications & Experience
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
- Industry-recognised cybersecurity certifications such as:
  - Certified Information Systems Security Professional (CISSP)
  - GIAC Certified Incident Handler (GCIH)
  - Certified Ethical Hacker (CEH)
  - CompTIA Security+ or CySA+
- Microsoft certifications aligned to security operations and threat response:
  - AZ-500: Microsoft Security Engineer
  - SC-200: Microsoft Security Operations Analyst – focused on threat detection, investigation, and response using Microsoft Defender and Sentinel
  - SC-300: Microsoft Identity and Access Administrator – relevant for IAM and access control integration
  - SC-900: Microsoft Security, Compliance, and Identity Fundamentals – foundational knowledge of Microsoft security and compliance solutions
- Familiarity with Microsoft Defender for Endpoint, Microsoft Sentinel, and other Microsoft 365 security tools is highly advantageous.
- Additional training in incident response, vulnerability management, and EDR platforms is recommended.
- 6–10 years of progressive experience in cybersecurity operations, including hands-on incident response and threat remediation.
- Proven experience managing or working closely with a virtual Security Operations Center (SOC) and vulnerability management platforms.
- Strong background in coordinating patch management and vulnerability remediation across IT and infrastructure teams.
- Experience maintaining and optimising endpoint detection and response (EDR) tools and network segmentation controls.
- Demonstrated ability to develop and implement incident response playbooks and operational workflows.
- Familiarity with managing third-party security service providers and evaluating their performance.
- Exposure to enterprise IT environments, preferably with SAP, Active Directory, and hybrid cloud infrastructure.
Key Competencies
- Deep understanding of security operations center (SOC) functions and threat detection
- Familiarity with vulnerability scanning tools and remediation processes
- Knowledge of endpoint protection platforms and network security architecture
- Awareness of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK)
- Understanding of IT infrastructure and service desk integration
AECI respects your right to privacy. Please review our privacy policy at https://investor.aeciworld.com/governance.