Senior Cyber Security Manager (DevSecOps/SOC)
Negotiable
Position Summary
The Cybersecurity (Senior) Manager – Security Operations & DevSecOps Engineering is responsible for leading both strategic and operational initiatives that integrate security into development pipelines and manage enterprise-wide security operations. This role demands deep expertise in DevSecOps methodologies, security operations, and cross-functional collaboration to safeguard sensitive data, ensure regulatory compliance, and mitigate cyber threats. The ideal candidate will champion a security-first mindset while aligning with business goals and industry standards.
Key Responsibilities
DevSecOps Engineering
Security Integration: Embed security into development workflows through static/dynamic code analysis, vulnerability scanning, and compliance checks using tools such as SonarQube, Snyk, and OWASP ZAP.
Infrastructure as Code (IaC): Promote secure adoption of IaC using tools like Terraform and Ansible to build scalable, secure cloud environments (AliCloud, AWS, Azure).
Cross-Team Collaboration: Partner with development, operations, and security teams to foster a DevSecOps culture, offering guidance on secure coding and infrastructure hardening.
Risk Remediation: Provide technical recommendations and remediation strategies for security risks identified during DevSecOps processes.
Training & Enablement: Deliver DevSecOps solutions and training sessions, sharing best practices, tools, and compliance standards to enhance team capabilities.
Security Operations
Security Operations Center (MSOC):
Lead 24/7 threat monitoring, detection, and response operations.
Define and maintain incident triage, escalation protocols, and threat intelligence processes.
Drive incident response efforts, root cause analysis, and remediation strategies.
Optimize detection and response times (MTTD/MTTR) and improve incident resolution effectiveness.
Conduct performance reviews aligned with SLAs and KPIs.
Collaborate with Group Cybersecurity on incident management, policy alignment, and reporting.
Oversee endpoint protection, DLP, and network security initiatives.
Security Tools Management
Ensure proper configuration, updates, and performance of security tools including IDS/IPS, email protection, antivirus, firewalls, WAF, and XDR.
Manage MSSP partnerships, evaluate service quality, negotiate contracts, and ensure alignment with security needs.
Audit MSSP performance against SLAs and address service gaps.
Oversee technical policies and solutions across firewalls, endpoint, cloud, and web/email security.
Continuously assess and enhance the effectiveness of security tools to strengthen the organization’s security posture.
Security Infrastructure & Enhancement
Collaborate with IT Infrastructure and Operations teams to secure networks, endpoints, and cloud environments.
Review and validate infrastructure designs from a security perspective.
Support operational teams in identifying and mitigating vulnerabilities.
Leadership & Mentorship
Provide guidance and mentorship to junior cybersecurity team members.
Actively engage with the global SOC team to share insights, refine best practices, and improve security protocols.
Qualifications
Strong knowledge of security tools for vulnerability scanning, penetration testing, and compliance (e.g., Snyk, Qualys, Nessus, OWASP ZAP).
Experience with CI/CD tools (Jenkins, GitLab CI, CircleCI) and version control systems (Git).
Proficient in cloud platforms (AliCloud, AWS, Azure) and their security features.
Skilled in IaC tools (Terraform, Ansible, CloudFormation) and container technologies (Docker, Kubernetes).
Scripting proficiency in Python, Bash, or Go.
Passionate about cybersecurity with a drive for continuous learning and innovation.
Bachelor’s degree in Computer Science, Information Security, or related field; 5–7 years of relevant experience.
Advanced certifications (e.g., CCNSE, CCSE, CKS, CKA, GIAC, CISSP, CISM, CEH, CompTIA Security+) are highly desirable.
Familiarity with SIEM, SOAR, firewalls, antivirus/EDR, and web/email protection systems.
Deep understanding of networking protocols and cybersecurity best practices.