Overview
We are seeking a bilingual, experienced and highly skilled Security Operations and Engineering Lead. The ideal candidate will have a strong background in security operations, monitoring, detection, and response, as well as in managing security infrastructure, vulnerability management, and threat intelligence & hunting. You will be responsible for leading efforts to monitor, detect, analyze, and respond to security incidents, as well as managing the organization’s security infrastructure, vulnerability management, and threat intelligence & hunting, ensuring that the organization’s networks, systems, applications and data remain secure against evolving cyber threats. This leadership role will focus on enhancing the effectiveness of our security operations. This position is 100% remote in Colombia.
Key Responsibilities
- Security Infrastructure Management
  - Lead and manage the design, implementation, operation and maintenance of enterprise security infrastructure.
  - Oversee the deployment and management of security technologies such as CSPM, firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP, SIEM systems, Microsoft Entra Privileged Identity Management and encryption solutions, among others.
  - Monitor and ensure the availability and operational effectiveness of security controls to protect against internal and external threats.
- Vulnerability Management
  - Lead vulnerability management efforts, including regular vulnerability assessments and scanning across all systems and applications. The following types of tests must be planned, scheduled and performed:
    - SAST, DAST, IAST, SCA, Infrastructure Vulnerability Scanning, Container Vulnerability Scanning
  - Identify, assess, and prioritize vulnerabilities based on risk and impact, and coordinate the remediation process across relevant teams.
  - Track and report on vulnerability mitigation progress and ensure compliance with internal and external security requirements.
  - Collaborate with development and IT teams to ensure that security best practices are integrated into the Secure Software Development Life Cycle (SSDLC) to avoid known vulnerabilities.
- Threat Intelligence and Threat Hunting
  - Manage the threat intelligence lifecycle, including collection, analysis, and dissemination of actionable threat intelligence to proactively identify and mitigate potential cyber threats.
  - Lead threat hunting efforts to search for indicators of compromise (IOCs), APTs, and other malicious activity within the organization’s networks and systems.
  - Work with internal teams and external vendors to enhance threat intelligence feeds, ensuring they are current and relevant.
  - Identify and provide the latest threat landscape and intelligence findings to develop and update incident response playbooks.
  - Provide strategic recommendations to leadership based on emerging threats and security trends.
- Cyber Monitoring and Detection
  - Lead the design, implementation, and management of security monitoring systems and processes to detect potential security incidents.
  - Oversee and optimize the use of SIEM tools, including configuring alerts, use cases, dashboards, and reports to identify malicious activity and anomalies.
  - Ensure continuous monitoring of network, system, and application logs to detect threats in real time, including the use of threat intelligence feeds and anomaly detection techniques.
  - Fine-tune detection rules and reduce false positives, ensuring that high-fidelity alerts are generated.
- Security Incident Response
  - Design, implement, lead and manage the end-to-end incident response process, including preparation, detection, analysis, containment, eradication, recovery and post-incident activities.
  - Coordinate with internal and external stakeholders (IT, legal, communications, etc.) to ensure timely and effective handling of security incidents.
  - Develop, update, and test incident response playbooks, ensuring they are aligned with industry best practices and regulatory requirements.
  - Manage and refine security monitoring tools and procedures, ensuring they are aligned with organizational goals and risk management strategies.
  - Conduct post-incident reviews to identify root causes, weaknesses, and opportunities to improve the organization’s security posture.
  - Conduct regular simulations (tabletop exercises, red teaming) to enhance the team’s preparedness in dealing with potential cyber incidents.
- Threat Intelligence Integration
  - Integrate threat intelligence feeds and indicators of compromise (IOCs) into security monitoring systems to enhance proactive detection capabilities.
  - Leverage threat intelligence to inform incident response activities, providing context to security alerts and helping to identify emerging threats.
- Leadership, Collaboration & Reporting
  - Identify, design, plan and lead the implementation of automation opportunities.
  - Continuously improve the processes under your responsibility.
  - Collaborate with cross-functional teams to ensure the alignment of security practices with internal and external security requirements.
  - Lead the evaluation and selection of third-party vendors or tools for monitoring, detection and incident response, as well as for threat, vulnerability and security infrastructure management.
  - Provide expert guidance on monitoring, detection and incident response, as well as on threat and vulnerability management, to all levels of the organization.
  - Provide regular status reports and metrics on monitoring, detection and incident response activities, as well as on threat, vulnerability and security infrastructure management, to senior leadership, offering actionable insights and recommendations for improvements.
  - Provide detailed reports on security incidents, including findings, root causes, impact analysis, actions taken, lessons learned, etc.
  - Maintain clear and accurate records of security incidents for audit and compliance purposes.
Key Qualifications
- Bilingual (English/Spanish), B2/C1 level.
- Education: Bachelor’s degree in computer science. Post-graduate degree in cyber/information security is a plus.
- Certifications: CISSP, CISM, or CISA preferred. Certifications in incident response, threat hunting and/or security operations (e.g., GCIH, GCFA) highly desirable. CEH and/or related certifications are highly desirable.
- Experience: 7+ years in cybersecurity, with at least 3 years in a leadership role related to threat intelligence, threat hunting, vulnerability management, monitoring, detection and incident response. Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight) and security tools; cloud security experience a plus.
- Skills & Competencies: Strong knowledge of incident management, threat detection and response methodologies; network security; vulnerability scanning; threat intelligence platforms and frameworks; excellent communication and the ability to work under pressure.