Define and maintain the BoyleSports cyber security strategy, risk appetite, security policy and required control outcomes.
Run the in-house SOC / Cyber Defence team.
Own the detection backlog, the hunt programme, and the quality of work coming out of the Palo Alto managed SOC.
Act as Incident Commander on the bridge during P1 events.
Report cyber posture, material risks and incident outcomes to the CPTO, Executive Committee and Board.
Own the commercial and operational relationship with the Palo Alto managed SOC.
Oversee vulnerability management, attack surface management, and the security elements of identity, retail estate and product surfaces.
Requirements
Significant career time as a hands-on defender — SOC lead, detection engineering lead, incident response lead, or equivalent.
Recent (within the last two years) personal experience commanding live incidents.
Demonstrable depth in modern detection and response tooling.
Practical, current expertise with SIEM/XDR platforms — Palo Alto Cortex XDR and XSIAM ideal — and with SOAR, EDR tuning, log pipeline design and detection-as-code workflows.
Strong working knowledge of AWS security — IAM, GuardDuty, Security Hub, CloudTrail, EKS-specific threats and detections.
Comfortable in the console and at the CLI.
Practical understanding of attacker tradecraft mapped to MITRE ATT&CK, including cloud, identity and web-application techniques.
Able to lead a hunt, not just commission one.
Direct experience managing an outsourced SOC, including holding the provider accountable for detection quality and analyst performance.
Track record of building and leading small, high-quality defensive teams in a regulated environment.
Excellent communication.
Strongly preferred: Regulated-industry experience — online gambling, financial services, payments or similar — with first-hand exposure to GDPR, NIS2, and gambling-specific cyber obligations.
Familiarity with the Microsoft endpoint and identity stack (Intune, Entra ID, Defender) alongside the Palo Alto network and endpoint stack.
Certifications and education: Practitioner certifications are valued over governance ones: GCIA, GCIH, GCFA, GNFA, OSCP, CRTO, OSEP or equivalent hands-on credentials. CISSP or CISM is acceptable as a complement, not a substitute.