
Cyber Operations Team Lead

Roles & Responsibilities

Key Responsibilities 

Team Leadership & Management

  • Lead, mentor, and develop a team of Threat Operations Analysts, ensuring high-quality output and strong technical performance.
  • Oversee day-to-day workflow, case allocation, and SLA management.
  • Conduct regular quality reviews of analyst findings, advisories, and attribution assessments.
  • Support hiring, onboarding, training, and ongoing professional development of team members.

Operational Oversight

  • Ensure accuracy, consistency, and timeliness of threat and vulnerability notifications delivered to customers.
  • Monitor operational metrics, case volumes, detection triggers, and workload distribution.
  • Drive continuous improvement of processes, documentation, and internal playbooks.
  • Coordinate closely with CTRL (Client Threat Research Labs) to ensure smooth integration of new detection patterns, use cases, and scanning methodologies.

Technical Escalation 

  • Serve as the senior escalation point for complex exposure validation, disputed asset ownership, unusual detections, or high-impact vulnerabilities.
  • Support Underwriting, Customer Support, and Claims with expert analysis when required.

Cross-Team Collaboration

  • Work with CTRL researchers to feed back real-world findings, false positive trends, and enhancement opportunities for detection pipelines.
  • Collaborate with the Proactive Engineering and Data teams on tooling, automation, and dataset improvements.
  • Ensure alignment between UK and Sri Lanka proactive teams.

Customer & Stakeholder Engagement

  • Oversee the quality of outbound advisories and ensure communications meet Client standards.
  • Engage directly with brokers or customers for complex cases requiring senior technical clarification.
  • Represent the Cyber Operations function in internal reviews, presentations, and cross-department initiatives.

Strategic Contribution

  • Help shape the roadmap of the Cyber Operations function and contribute to the evolution of proactive risk-reduction services.
  • Identify operational gaps, process inefficiencies, and opportunities for automation or improved accuracy.
  • Support the rollout of new service lines, detection logic, and operational capabilities.

Required Skills & Knowledge 

  • Strong foundational understanding of networking (TCP/IP, ports, protocols) and common internet-facing services. 
  • Excellent grasp of vulnerability mechanics, CVE/CVSS scoring, adversary behaviours, and exploitation principles. 
  • Experience using exposure assessment tools and datasets (Shodan, Censys, LeakIX, Nuclei, DNS/WHOIS investigations). 
  • Ability to review and validate complex attribution or mitigation scenarios. 
  • Skilled at translating technical issues into clear, actionable customer-ready communication. 

Experience 

  • Senior experience in a cyber operations, SOC, MSSP, threat monitoring, or similar environment.
  • Demonstrated experience leading or mentoring analysts or managing operational workflows. 
  • Proven background in exposure validation or threat verification.
  • Experience working across distributed teams is advantageous. 

Certifications (Desired but Not Essential) 

  • CompTIA Security+, CySA+, Network+, or equivalent vendor-neutral certifications. 
  • GIAC, eLearnSecurity, or other advanced training is beneficial. 

Personal Qualities 

  • Strong leadership presence with the ability to motivate and mentor a growing team. 
  • High attention to detail and strong analytical capability. 
  • Clear and confident communicator with excellent organisational skills. 
  • Proactive mindset, comfortable making decisions in fast-moving operational environments. 
  • Passionate about improving processes, accuracy, and customer outcomes. 
