Lead Associate Principal, Cyber Defense
Listed on 2026-07-09
-
IT/Tech
Cybersecurity, IT Project Manager, IT Consultant
What You’ll Do
Lead the charge in protecting our organization from evolving cyber threats. As Lead Associate Principal, Cyber Defense, you’ll drive the analysis of threats and vulnerabilities, lead a team of security professionals, and own the strategy for how we defend our enterprise. You’ll take initiative to launch and lead security projects—assembling teams to remediate threats, incidents, and compliance gaps—while sharpening how we monitor third‑party feeds and forums for emerging risks.
You’ll also guide regulatory compliance from documentation through testing and report key metrics directly to senior leadership. If you want a role where your leadership and expertise shape an organization’s entire security posture, this is it.
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Incident Management and Security Analysis
- Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting.
- Oversee technical analysis of security events while coordinating incident response activities with internal and external teams.
- Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures.
- Develop and support briefings to OCC senior management as a trusted incident responder.
- Security Monitoring & Analysis
- Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- Lead systems management team to operationalize remediation efforts for gaps identified.
- Develop and implement security monitoring roadmaps for OCC technologies, applications, SaaS, and other cloud‑hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities.
- Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc.
- Security Device Administration
- Subject matter expert on security tools including appliances, hosted systems, and SaaS – including health checks, version updates, and content development.
- Validate content changes to security tools are appropriate from other analysts and teams.
- Report on and enhance current metrics surrounding security tool capabilities and efficacy.
- Subject matter expert in the systems lifecycle – performing upgrades, implementation of new technologies, and enhancement identification.
- Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods.
- Advise management selecting and scheduling employee training classes, conferences, and seminars.
- Proven team leadership and project management skills, with the initiative to drive solutions across diverse skillsets and work independently or with local/remote staff, vendors, and consultants.
- Skilled in security assessments and control implementation based on standards like NIST, COBIT, ISO, ITIL, and the NIST Cybersecurity Framework.
- Strong oral and written communication, analytical, and judgment skills, with the ability to engage effectively with all levels of management in both formal and informal settings.
- Implementation and maintenance of security platforms (Splunk, Crowdstrike, Symantec DLP) and vulnerability assessment tools (Qualys, Nessus, nmap), including incident response playbook development and remediation management.
- Proficiency with network sniffers/packet tracing tools (Ethereal, tcpdump, etc.), preventative/detective technologies (EDR, network‑based analysis), and Web Application Firewalls.
- Strong background in encryption technologies (PGP, PKI, X.509) and directory services/LDAP security (Active Directory, CA Directory).
- Experience across client/server platforms (Solaris, Windows, Linux) and OS hardening procedures, plus proxy/caching services.
- Knowledge of LAN/WAN routing and high availability protocols (OSPF, BGP4/iBGP, EIGRP, NSRP), cloud security tools (AWS, Azure,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).