IT Security Lead

Job Summary

We are seeking a proactive and technically strong Information Security Lead to drive our enterprise-wide cloud and infrastructure security operations, focused on Azure Security, SOC operations, threat intelligence, breach readiness, and regulatory compliance. This role plays a critical part in improving cyber defence maturity, ensuring resilience against attacks, and enabling audit readiness, while working closely with MDR/MSSP vendors, internal IT teams, and governance functions. The scope excludes application and DevSecOps security, focusing purely on infrastructure and operations security domains.

Key Responsibilities

Cloud Security (Azure Focus)

• Lead improvements in Azure security posture using Microsoft Secure Score, Azure Policy, and Azure Defender for Cloud.
• Implement and manage Azure-native security controls, including Key Vault, Azure Firewall, NSGs/ASGs, Sentinel, and Microsoft Defender XDR.
• Enforce Azure Security Benchmark and contribute to Azure Well-Architected Framework (Security Pillar)assessments and remediation.

Security Operations & Incident Response

• Oversee day-to-day SOC operations in collaboration with MDR/MSSP vendors, ensuring timely triage, escalation, and remediation.
• Improve MTTA/MTTR through playbook automation, detection rule tuning, and optimised incident workflows.
• Lead root cause analysis, forensics, and incident post-mortems for infrastructure and cloud-related security events.

Cyber Threat Intelligence and Blue Teaming

• Integrate actionable Cyber Threat Intelligence (CTI) feeds and threat actor TTPs into the detection pipeline.
• Run regular phishing simulations, blue teaming, and breach and attack simulations (BAS) to validate defence readiness.
• Conduct and support infrastructure threat modelling using MITRE ATT&CK and STRIDE frameworks.

IT Security & Patch Compliance

• Ensure IT infrastructure security, including laptops, servers, printers, and internal systems.
• Define and enforce enterprise patch management policies, track patch compliance for OS, firmware, and software.
• Monitor for vulnerable configurations and outdated software across end-user and server endpoints.

Active Directory & Identity Security

• Secure and monitor Active Directory (AD) and Azure AD for privilege escalations, misconfigurations, and abuse patterns.
• Implement conditional access policies, multi-factor authentication (MFA), and role-based access control (RBAC).
• Ensure alignment with SC-300 Microsoft Identity & Access best practices.

Network Security

• Define and enforce network segmentation, firewall rule reviews, secure VPN configurations, and zero-trust policies.
• Perform network threat analysis and work with IT/network teams to detect anomalies, lateral movement, or exfiltration risks.
• Monitor and harden edge devices (routers, firewalls, IDS/IPS).

Governance, Risk & Compliance (GRC)

• Ensure cloud and infra environments are compliant with standards (ISO 27001, SOC 2, NIST CSF).
• Support internal/external audits and maintain audit readiness for controls involving cloud and IT security.
• Drive Security BCP and DR testing exercises; document findings and track mitigation.

Vendor Management and Operations

• Act as primary liaison for MDR/MSSP providers, managing SLAs, escalations, tuning requests, and playbook improvements.
• Own contracts, performance metrics, and quarterly service reviews with security vendors.

Security Metrics and Reporting

• Track and improve metrics like Microsoft Secure Score, patch SLAs, threat detection coverage, MTTA/MTTR, phishing susceptibility, and audit gaps.
• Maintain and publish security dashboards and operational health reports to leadership.

Qualifications

Education

• Bachelor's or Master's in Information Security, Computer Science, or a related technical discipline.

Experience

• 6+ years of hands-on experience in Information Security, including:
  • 3+ years in Azure Security and SOC operations
  • Proven exposure to IT infrastructure, AD security, and network hardening
  • Leading incident response, audit preparation, and GRC collaboration

Certifications (Highly Preferred)

• AZ-500: Microsoft Azure Security Engineer Associate
• SC-200: Microsoft Security Operations Analyst
• SC-300: Microsoft Identity and Access Administrator
• SC-100: Microsoft Cybersecurity Architect
• Optional: CISSP, CISM, ISO 27001 LA, or GIAC certifications (e.g., GCIA, GCIH)

Skills & Competencies

• Deep expertise in Azure-native security, SIEM/XDR/EDR tooling
• Strong grasp of network protocols, firewall rules, Active Directory, and endpoint hardening
• Familiarity with cyber kill chain, threat intelligence, and detection engineering
• Proficient in KQL, PowerShell, or scripting to support security automation
• Clear communicator able to translate technical risk into business impact