Cybersecurity Operations Team Lead – ATFM Security Managed Support (Day 2 Operations)

LANTU EMPLOYMENT AGENCY PTE. LTD.

Singapore

On-site

SGD 75,000 - 95,000

Full time

Today

Job summary

A staffing agency in Singapore is seeking a Security Team Lead to oversee a three-person team ensuring the operational efficiency and security of ATFM systems. The role involves managing technical oversight, stakeholder engagement, and continuous improvement initiatives. The ideal candidate should have strong knowledge of security tools and at least 2 years in a leadership role. This position also requires readiness to respond to high-priority incidents outside standard working hours.

Qualifications

  • Strong working knowledge of SIEM, PAM, EDR, and endpoint protection tools.
  • Proven ability to lead technical teams in a 24/7 environment.
  • At least 2 years in a leadership role.

Responsibilities

  • Lead and manage the Day 2 Operations team.
  • Oversee execution of account and log reviews.
  • Serve as the central point of contact with multiple stakeholders.
  • Consolidate team inputs for monthly operational reports.
  • Identify process gaps and recommend improvements.

Skills

SIEM (Splunk)
PAM (CyberArk)
EDR (VMware Carbon Black)
Endpoint protection (Trellix)
Decision-making
Conflict resolution

Job description

Role Purpose

The ATFM Security Team Lead is responsible for leading a three-person team in the ongoing support and protection of ATFM systems. The role ensures operational efficiency, technical excellence, and compliance with established security standards. The Team Lead will act as the primary liaison between the ATFM security team, higher management, internal technical teams, and external security partners.

Key Responsibilities

1. Leadership & Coordination

  • Lead and manage the Day 2 Operations team, including scheduling, workload assignment, and performance monitoring.
  • Act as the primary escalation point for operational, technical, and stakeholder issues.

2. Technical Oversight

  • Oversee the execution of regular account and log reviews using Splunk, CyberArk, Trellix, Carbon Black, and other security tools.
  • Provide guidance on incident investigation, root cause analysis, and remediation tracking.
  • Ensure all security alerts and incidents are handled according to established SLAs.

3. Stakeholder Engagement

  • Serve as the central point of contact with HTSOC, GSOC, FM Teams (System, Cloud, Network), and tenants (Application).
  • Facilitate remediation follow-up, risk register maintenance, and VAPT action closure.
  • Work closely with the external CISO on compliance initiatives, policy enforcement, and audit readiness.

4. Reporting & Governance

  • Consolidate and review team inputs for monthly operational reports.
  • Provide ad-hoc reports and security status updates to management as required.
  • Track KPIs and SLAs to ensure service quality and compliance.

5. Continuous Improvement

  • Identify process gaps and recommend enhancements to improve operational efficiency and security posture.
  • Mentor and upskill engineers to maintain high technical competency across all required tools.

Must be available to respond to high-priority incidents outside standard working hours as part of standby duty.

Required Skills & Experience

Technical Skills:

  • Strong working knowledge of SIEM (Splunk), PAM (CyberArk), EDR (VMware Carbon Black), and endpoint protection (Trellix).
  • Understanding of security incident lifecycle, vulnerability management, and compliance frameworks.

Leadership Skills:

  • Proven ability to lead technical teams in a 24/7 standby environment.
  • Strong decision-making, prioritisation, and conflict-resolution skills.

Experience:

  • At least 2 years in a leadership role.
  • Experience coordinating with multiple stakeholders across different technical and business domains.