Security Lead (MSSP)

Role overview

This position is for a seasoned cybersecurity professional to lead managed security services operations, strengthen service delivery, and guide ongoing improvements across monitoring, response, governance, and customer advisory work. The role serves as the key technical authority for security operations, with accountability for incident handling, threat management, analyst leadership, and service quality.

Core responsibilities

You will steer day-to-day SOC and MSSP activities, supervise security analysts and incident responders, and ensure security services meet agreed service levels and performance targets. A major part of the role is to drive operational maturity through process refinement, automation, and consistent execution.

The role also covers incident response leadership, including investigation, containment, eradication, recovery, root cause analysis, and reporting. You will coordinate major incidents with customers, vendors, and internal stakeholders, while ensuring prompt escalation and effective handling of critical alerts.

In the engineering and monitoring space, you will oversee SIEM, SOAR, EDR, NDR, IDS/IPS, email security, and vulnerability management tools, along with use-case tuning, log correlation, threat detection, and technology enhancement. You will also review security architecture and recommend measures that improve defensive capability.

On the governance side, the job includes maintaining alignment with ISO 27001, NIST Cybersecurity Framework, CIS Controls, and related industry standards. You will support audits, compliance reviews, policy and playbook development, and risk assessments, while helping customers address regulatory and control requirements.

As the primary customer security advisor for assigned accounts, you will deliver posture reviews, incident summaries, improvement plans, and executive briefings. The role also requires close collaboration with infrastructure, cloud, network, and application teams to resolve security risks and strengthen overall posture.

You will define KPIs and operational metrics, produce dashboards and service reports, and analyze incident trends, SLA adherence, and security maturity improvements.

Qualifications and certifications

This role calls for at least 7 years of experience in cybersecurity, security operations, or managed security services, including a minimum of 2 years in a leadership position such as Security Lead, SOC Lead, or Incident Response Lead. Experience in an MSSP setting is strongly preferred. A bachelor’s degree in Cybersecurity, Computer Science, Information Security, Information Technology, or a related discipline is required.

CISSP is mandatory, ISO 27001 Lead Auditor or Lead Implementer is also mandatory, and CISM is preferred. Additional certifications such as CEH, GCIA, GCIH, SC-200, AZ-500, or similar credentials are considered an advantage.

Technical and leadership profile

The ideal candidate should bring strong experience with SOC operations, SIEM, SOAR, EDR, XDR, IDS/IPS, and threat intelligence platforms, along with hands-on exposure to Microsoft Sentinel, Splunk, QRadar, ArcSight, LogRhythm, or comparable tools. Practical knowledge of incident response, digital forensics, malware analysis, threat hunting, cloud security across Azure, AWS, and Google Cloud, vulnerability management, endpoint protection, and security architecture is important.

You should also be comfortable working with MITRE ATT&CK, NIST, ISO 27001, CIS Controls, and Zero Trust concepts. Strong leadership, stakeholder management, calm decision-making during critical incidents, analytical thinking, executive reporting, and a continuous-improvement mindset are key success factors.

Additional information

This is a full-time, on-site position based in Doha, Qatar. The source did not specify salary, openings, start date, application deadline, or internship details.