Use Case Management -Team Lead

Role Description

Role Proficiency:

Under leadership' guidance responsibilities include P & L delivery compliance etc. This position manages a medium sized team accountable for delivering cyber security services for our global customers. This role is in the management stream and envisages growth in management rather than the technology space.

Outcomes

• Effectively lead a medium size Cyber Security team accountable for delivering cyber security services to our global customers
• Under guidance of the leadership team; manage resources head count etc. to ensure profitability objectives are met.
• Work with onsite and other teams to ensure service delivery to customer's satisfaction
• Responsible for the team's quality of deliverables
• Responsible for stakeholder management.
• Responsible for team adherence to Information Security policies as defined by the company and customer
• Under guidance of leadership drive initiatives to promote continuous improvement innovation and customer satisfaction etc.
  
  

Measures Of Outcomes

• Gross profit margin (GPM)
• Innovation Case Studies and value delivered to customer / Cyber proof.
• Team adherence to SLA as agreed upon with the customer.
• Quality - Percent of tickets that met quality norms
• Regulatory compliance and adherence to process – Nil NC during audits. Closure of audit findings within defined time frame
• Evidence of skill development including training certification etc.
  
  

Outputs Expected

Profitability and Team Effectiveness:

• Under leadership supervision achieve GPM that is equal to or better than agreed objectives.
• Under supervision of the leadership team work towards a balanced team; available to deliver services timely and effectively
  
  

Customer And Delivery Management

• Accountable for service delivery in line with contractual and regulatory obligations.
• Accountable for well administered team
• Interface with relevant teams to ensure smooth and schedule-based transition of services
  
  

Governance

• Under leadership supervision
  
  

Responsibilities Include Effective Governance With Required Governance Meetings

risk management

alignment with good practices and frameworks

etc.

Competence Management

• Accountable for the competence of the team for current and future requirements Leverage the organisation's infrastructure and support teams to ensure continuous growth in competency level.
  
  

Continuous Improvement

• Under leadership's guidance set benchmarks for the achievement of high performance
• Accountable for innovation continuous improvement etc.
  
  

Skill Examples

• Fair understanding of strategic planning estimation calibrating costs managing profits etc.
• Proficient in people and stake-holder management with the ability to inspire.
• Ability to manage and lead medium sized cyber security organisation.
• Sound understanding of cyber security. The ability to interface with the customers and specialist teams on topics within the area of responsibility.
• Sound understanding of regulatory and contractual aspects typical of cyber security engagements.
• High proficiency in operations and project management. Understanding of relevant frameworks in cyber security SOC IT Infrastructure etc.
• Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check
  
  

Knowledge Examples

• 10+ Years overall experience in SOC / IT Infrastructure. At least 5 years’ experience delivering SOC services to global organizations.
• University Degree in Cyber Security (no back papers) / Bachelor’s in Engineering or Science with a master’s degree in management; and training / experience in cyber security
• Deep understanding of Risk management ISMS Quality and BCP processes / frameworks etc.
• Desirable – Training / Certification in relevant process and frameworks related to operations / project / cyber security etc.
  

Additional Comments

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services. We are looking for an experienced Use Case Management Team Lead to drive the development, optimization, and deployment of detection use cases across multiple SIEM platforms. This role will combine technical expertise, leadership, and customer-facing skills to manage a global team of detection engineers while providing expert cybersecurity guidance and consultation to enterprise customers. As a key member of our Security Operations Team, you will ensure that our service offerings remain at the forefront of threat detection, automation, and response capabilities, supporting our diverse client base worldwide. Your work, guidance and expertise will have a dominant effect on the whole organization. Main Tasks and Accountabilities:

• Manage and mentor a global team of detection engineers responsible for building, tuning, and optimizing detection use cases across a range of SIEM platforms.
• Consult our customer and deploy best practices among the UCM team, and MDR.
• Oversee the team’s daily operations and ensure high-quality deliverables for customers, balancing customer requirements, team capacity, and timelines.
• Continuously develop and enhance the UCM service and its deliverables.
• Provide technical leadership in SIEM use case development, incident detection, and automation best practices to ensure high efficacy across a variety of enterprise environments.
• Engage directly with enterprise customers worldwide to understand their security requirements and translate them into actionable use cases and security content strategies.
• Provide expert advice and guidance on SIEM tool configuration, detection rule development, and incident response workflows tailored to each client’s unique threat landscape.
• Lead the development and deployment of custom detection use cases across multiple SIEM platforms, including Google Chronicle, Azure Sentinel, Splunk, QRadar, and others.
• Continuously enhance detection capabilities by analyzing attack techniques (e.g., MITRE ATT&CK), incorporating emerging threats, and reducing false positives.
• Establish and enforce best practices for writing KQL (for Azure Sentinel), SPL (for Splunk), or equivalent query languages for other SIEMs.
• Lead customer workshops, training sessions, and regular reviews to assess the effectiveness of current detection rules and offer recommendations for continuous improvement.
• Ensure all use cases and playbooks are well-documented, including detailed descriptions, workflow diagrams, and relevant technical configurations.
• Keep up-to-date with the latest security threats, attack vectors, and techniques (e.g., MITRE ATT&CK) to ensure use cases are effective and relevant. Mandatory Requirements:
• 10+ years of experience in cybersecurity, with at least 5 years of hands-on experience in SIEM technologies such as Azure Sentinel, Google SecOps, Splunk, and QRadar as well as detection engineering.
• 3+ years of experience in a leadership or team lead role, managing or mentoring detection engineers.
• Experience supporting enterprise customers globally, with a strong understanding of the challenges and needs of large, complex environments.
• Expertise in designing, building, and tuning detection use cases across multiple SIEM platforms (Azure Sentinel, Splunk, QRadar, etc.).
• Proficiency in detection query languages (KQL, SPL, etc.) and knowledge of common detection techniques (MITRE ATT&CK).
• Preferred SIEM vendor certification of administrator.
• Familiarity with different security attack vectors and means of protection.
• Familiarity with security monitoring, incident detection, and incident response best practices.
• Strong communication and presentation skills, with the ability to explain complex technical concepts to non-technical stakeholders.
• Proven leadership abilities, with experience managing remote or global teams.
• Ability to work under pressure and balance multiple priorities while maintaining a focus on customer satisfaction.
• Strong problem-solving skills and attention to detail, with a proactive, customer-centric approach.
• University degree in information security or equivalent work experience.
• Relevant certification (e.g., GIAC GSOC, CSA, CISSP) is an advantage.
  
  

Skills

Security Engineer,Security,use Case Management,Sentinel or Splunk