Cybersecurity Tech COE leader

At Microland, we do mission-critical work for great companies. We specialize in Cybersecurity solutions, Digital Transformation journey and business automation roadmaps.Our Cybersecurity experts are results-obsessed, focused and flexible, highly engaged and hugely experienced. Those qualities are what make us different than old-school Information Security Operations Centers. And surely, they are why clients and partners describe us as the gold standard in client experience.Microland has been recognized as the Key Challenger & Market leader in Cybersecurity business by several leading market research agencies. Therefore, we are also considered as The Partner of choice by our target customers due to our Nimble yetCustomer-obsessed culture.About this Role:We are growing our Global Cybersecurity Business and seeking a Cybersecurity Center of Excellence (CoE) Leader to strengthen our Global Cybersecurity Delivery practice. Reporting to the Head of Technology Delivery, this role blends engineering, compliance, red/purple team leadership, and innovation, specifically focusing on SOC & Cloud Security practices, to help clients improve their cybersecurity posture.This is a hands-on leadership role - you’ll be building capabilities, leading teams, engaging with clients, and shaping next-generation cybersecurity services.Key ResponsibilitiesInnovation, Thought Leadership & Client Enablement- Create cybersecurity innovations and technical solutions that address market/customer needs, opportunities, or problems. - Create and deliver white papers, presentations and demos for client/prospect meetings, industry events, and conferences. - Support CoE infrastructure, processes and knowledge management; demonstrate curiosity and a problem-solving mentality. - Contribute to business-facing deliverables and thought leadership to support client engagements.Assessments, Frameworks & Risk Evaluation- Perform cybersecurity assessments using formal frameworks (FedRAMP, NIST, PCI, NIST CSF and equivalents). - Conduct compliance readiness, vulnerability and risk assessments and evaluate technical security architecture and controls. - Analyze and synthesize cyber and log information with other data sources; fuse computer network attack analyses with threat intelligence to evaluate and interpret risk. - Conduct analysis on network traffic, large sets of logs and other security data for breach analysis.Offensive Security — Red Team & Ethical Hacking- Hands-on red teaming and ethical hacking across technologies (network, applications, mobile, embedded, ICS/SCADA, wired/wireless). - Create red team attack scenarios focusing on weakest entry points, creative multi-method testing, stealth, pivoting, privilege escalation, and covert persistence. - Execute social engineering, phishing, physical security testing and other human-element attacks. - Stay on top of fast-changing red team TTPs and associated tools to deliver successful services. - Design and deliver advanced offensive capabilities to identify new security solutions.Defensive Understanding & Collaboration (Blue Team / SOC)- Understand and work with defensive teams: Blue Team, SOC, monitoring and response (SIEM, IDS/IPS), EDR (including bypass techniques), and overall detection & indicator concepts. - Create effective red team activities to test defensive controls (e.g., developing/using malware, pivoting, stealthy techniques) and help defenders improve. - Collaborate with CIRC Team to perform “devil’s advocate” simulations against organizational detection and prevention capabilities.Exercises, Simulations & Purple Teaming- Create and design attack simulations: Tabletop Exercises, Attack Simulation Exercises, Blue-Red Team Exercises with intelligence-led tactics, techniques and procedures. - Ensure gaps identified from simulations are remediated with assistance from the CIRC Team. - Host quarterly Purple Team exercises to identify unknown gaps; collaborate with stakeholders to execute, document, curate and present results.Incident Response, Forensics & Operations- Perform client operations and incident response activities; utilize security technologies including SIEM, IDS and HBSS. - Conduct DFIR and forensic investigations and integrate findings into broader threat analysis and remediation actions.Vulnerability Validation & Remediation- Validate and propose solutions for public Proof-of-Concept Remote Code Execution exploits; determine risk and impact to the organisation. - Proactively identify remediation and patching courses of action and work with responsible teams to implement fixes.Labs, Tooling & Research- Organize and manage the Microland AG Hackers Lab in APAC, including creating hacking workbenches for department use. - Keep up to date with the most recent hacking tools and frameworks; explore functionality and proactively identify detection gaps with the CIRC Team. - Be comfortable learning and adopting new OS, tools, development languages and online technologies.Cloud, IAM & Third-Party Tools- Knowledge of public cloud security services (VPC, data encryption, public/private key security, etc.). - Ability to architect and engineer cybersecurity methodologies and frameworks for AWS, Azure and GCP. - Knowledge of Identity & Access Management tools (SailPoint, Ping, or similar). - Understanding and use of third-party security tools such as RSA, McAfee, Splunk, etc.Communication, Leadership & Mentoring- Strong communication skills and ability to work with all stakeholders (internal and external), advise and implement the best solutions. - Leadership and teamwork mentality: mentor colleagues, help them develop, and improve team capabilities. - Maintain a hands-on mentality while providing strategic leadership and capability building.Skills & Technical Expertise- Red & Purple Teaming, Phishing, Social Engineering, AppSec, Infosec, Penetration Testing (Pentest) - TTPs, Threat Analysis, Threat Modeling, EDR, SOC, SIEM, IDS/IPS - Forensic Investigation, DFIR, Networks/Systems/Applications, IOCs, IOAs - Malware development, Malware analysis, Reconnaissance, Weaponization, Delivery, Exploitation, C2 (Command & Control), Lateral Movement - Ethical Hacking, Web Application Security, Mobile Security, Device Testing - Tools & scanners: Burp, Nessus, Nmap, Ncat (and equivalents) - Scripting and platforms: Linux, Windows, OSX; various scripting/development languages and automation tools - Certifications/skills referenced: OSCP, OSCE, GPEN, GXPN, GMON (and equivalent practitioner skills)Qualifications:- 14+ years experience in security operations or analytical roles, preferably in enterprise environments. - Strong knowledge of infrastructure security, vulnerability management, risk assessments, and cybersecurity policy development. - Understanding of IT/security controls, compliance readiness, and technical security architecture/design/implementation. - At least one recognized certification (CISSP, CEH, CCSP, GSEC, GIAC, etc.); experience with SIEM and SOAR platforms preferred. - Experience working in Agile environments with excellent leadership, team management, and communication skills. - Ability to work independently, mentor teams, and contribute to business development/sales opportunities in cybersecurity. - Entrepreneurial mindset with interest in helping grow and scale business practices. - Bachelor’s degree in computer engineering, cybersecurity or related field is required - Management consulting experience is preferred. - Willingness to travel up to 20%.Experience with publishing thought leadership and whitepaper is preferredLastly, we are looking for a SOC technology leader, who is passionate about SOC innovation, tools and automation.