Role Overview
- Define the vision, maturity roadmap and operating model for cybersecurity detection and incident response capabilities (SOC/CSIRT), aligned with the organization’s risk profile and objectives;
- Lead security monitoring operations, ensuring severity criteria, escalation and effective coordination of the response to critical incidents;
- Govern security platforms such as SIEM, SOAR, XDR and EDR, ensuring telemetry quality, prioritization of use cases and automation of playbooks;
- Integrate Threat Intelligence sources and guide threat hunting activities based on TTPs (MITRE ATT&CK), promoting purple team exercises;
- Own the vulnerability management lifecycle, from identification and prioritization to remediation, in coordination with technical teams;
- Ensure evidence is available for audits and manage legal and regulatory obligations, including GDPR and NIS2, where applicable;
- Maintain, test and evolve incident response and business continuity/disaster recovery plans, incorporating lessons learned and security improvements;
- Report regularly to Senior Management and liaise with areas such as Legal, Data Protection Officer and Communications in incident or crisis contexts;
- Manage contracts, SLAs and performance of cybersecurity service providers;
- Scale and develop SOC and CSIRT teams, promoting continuous training, certifications and a culture of continuous improvement;
- Define and track security KPIs (MTTD, MTTR, dwell time, false positive rate, control coverage), producing executive reporting;
- Participate in the cybersecurity committee, ensuring security requirements are integrated from the early stages of projects.
Requirements
- Bachelor’s degree in Computer Engineering or an equivalent field;
- Proven experience leading SOC and/or CSIRT teams;
- Strong knowledge of incident management, digital forensics and incident response (DFIR);
- Experience with SIEM, SOAR, XDR and EDR platforms;
- Knowledge of threat intelligence, threat hunting and frameworks such as MITRE ATT&CK;
- Experience in vulnerability management, identity and Zero Trust models;
- Knowledge of security in cloud, email and perimeter environments;
- Ability to produce executive reporting and communicate with multiple stakeholders.
Behavioral competencies
- Leadership in crisis situations and decision-making under pressure;
- Clear, structured and effective communication;
- Critical thinking and strong problem-solving skills;
- Resilience, stress management and a strong sense of responsibility;
- Risk awareness, professional ethics and confidentiality;
- Planning, organization and execution skills.
Other valued competencies and knowledge
- CISSP (ISC²) or CISM (ISACA);
- CompTIA CySA+ and/or Security+;
- ITIL 4 Foundation;
- ISO/IEC 27701 or equivalent training in privacy and data protection.
Benefits
- Join a young, dynamic team in a relaxed environment that values closeness and team spirit;
- Hybrid work arrangement;
- Continuous training to support your professional development;
- Access to a campus with free parking, welcoming and well located in Lisbon;
- Various internal initiatives to promote socializing and interaction among employees;
- Possibility to enroll in ADSE;
- Cafeteria;
- Management by objectives.