Manager, Security Operations in London

Location: United Kingdom – London (Hybrid or Remote)

Role Overview:

Nasuni is seeking a deeply technical and operationally rigorous Manager, Security Operations to lead and evolve our enterprise cybersecurity operations program. Reporting to the Chief Information Security Officer, this role owns internal security operations across detection, response, identity security, vulnerability management, and operational defense across cloud, endpoint, and hybrid environments. You will lead a global security operations function responsible for incident response, SIEM/SOAR engineering, identity governance, endpoint and email security, and proactive threat detection. This is a hands‐on, player‐coach leadership role, managing a small but growing team across regions, including the US, UK and India. This role requires someone who can personally lead high‐severity incidents end‐to‐end, while also building and improving the systems, processes, and team around them. This role includes participation in an on‐call rotation and requires availability during high‐severity incidents, including evenings or weekends as needed. You will act as a key escalation point in partnership with a 24x7 monitoring vendor.

Level & Scope Definition:

This role leads enterprise‐wide security operations and incident response across corporate systems and cloud infrastructure (primarily AWS). The Manager defines operational security standards, drives detection quality improvements, leads automation initiatives, and serves as the primary escalation authority for high‐severity incidents.

This Is a Player‐Coach Role:

• With direct people leadership (small, distributed team)
• Hands-on technical ownership (incident response, detection, tooling)
• Responsibility for centralizing and improving visibility across multiple security tools and signals

Success In This Role Is Defined By:

• Measurable reduction in risk exposure
• Improved response times (MTTD / MTTR)
• Strong cross‐functional coordination across regions (US, UK, India)
• Resilient, scalable security operations execution

Key Responsibilities:

• Lead, mentor, and develop a high‐performing, globally distributed security operations team
• Define operational standards, secure configuration baselines, and detection strategies
• Own the global cybersecurity on‐call model, escalation procedures, and vendor interaction model
• Drive a culture of operational accountability, automation, and detection excellence
• Partner with GRC stakeholders to support audit and compliance requirements (SOC2, ISO, etc.)

• Own enterprise cybersecurity operations across endpoint, identity, email, network, and cloud platforms (AWS primarily)
• Lead EDR operations including threat detection, investigation, containment, and response (e.g., SentinelOne)
• Own and evolve SIEM strategy, detection engineering, and integration roadmap
• Design and maintain SOAR automation and response playbooks
• Define and enforce identity governance, conditional access, and privileged access controls (Entra ID / M365)
• Evaluate and optimize security tooling, integrations, and telemetry quality

• Lead and own incident response from triage through resolution as escalation authority
• Continuously improve incident response plans, playbooks, and runbooks
• Coordinate with MDR partners and internal stakeholders during active incidents
• Conduct post‐incident reviews and drive systemic remediation
• Improve detection quality, reduce alert fatigue, and optimize response metrics
• Defend against modern threats including phishing, BEC, malicious attachments, OAuth abuse, and AI‐generated attack techniques

• Own the end‐to‐end vulnerability lifecycle across cloud, endpoint, and infrastructure assets
• Drive visibility and prioritization across multiple tools (e.g., Wiz, Rapid7, endpoint telemetry)
• Lead efforts to centralize vulnerability insights across platforms and improve risk‐based prioritization
• Uphold remediation SLAs and drive cross‐functional accountability
• Lead patch validation and automation initiatives

• Define and report cybersecurity KPIs and executive dashboards
• Implement automation to improve investigation speed, response consistency, and reporting quality
• Maintain operational documentation, SOPs, and architecture baselines
• Leverage automation and AI‐assisted tooling to improve detection quality and operational efficiency

Required Qualifications:

• 6–9+ years of experience in enterprise security operations
• 2–4+ years leading security operations teams or programs
• Proven experience personally leading incident response end‐to‐end (not limited to alerting or support roles)
• Hands‐on expertise with SIEM engineering, detection tuning, and alert optimization
• SOAR playbook development and automation
• EDR platforms (e.g., SentinelOne) and endpoint detection/response
• Enterprise email security controls and phishing defence
• Identity security (Entra ID / Microsoft 365)
• Strong experience securing cloud environments (AWS required; Azure/GCP exposure a plus)
• Experience operating within an on‐call rotation and escalation model
• Experience working with MDR or managed security partners
• Strong communication and decision‐making skills during high‐severity incidents
• Experience using scripting, automation, or query languages (e.g., Python, KQL) to improve workflows

Preferred Qualifications:

• Experience centralizing or integrating multiple security tools into a unified operational view
• Experience with vulnerability management platforms (e.g., Wiz, Rapid7)
• Familiarity with GRC programs (SOC 2, ISO 27001) and audit support
• Experience operating across globally distributed teams and time zones
• CISSP or equivalent practical experience

Ideal Qualifications:

• Experience building or maturing a security operations function in a cloud‐first environment
• Demonstrated success improving detection quality, reducing alert fatigue, and improving MTTR
• Experience supporting M&A integration or scaling security programs
• Strong ability to balance hands‐on technical depth with team leadership in a player‐coach model

AI Competency Expectations:

• Experience defending against AI‐enabled phishing and social engineering attacks
• Experience leveraging automation or AI‐assisted tooling to improve detection and response workflows
• Ability to assess emerging risks in identity, email, and OAuth ecosystems driven by AI‐enabled threats

Ideal Candidate Profile:

• Remain technically hands‐on while leading a team
• Be comfortable owning and leading high‐severity incidents
• Value automation, detection precision, and measurable security outcomes
• Prefer operational ownership over compliance‐only roles
• Can operate effectively across global teams and time zones

Benefits:

• Best in class employee onboarding and training
• Comprehensive health, dental and vision plans
• Life and disability insurance
• Retirement plan
• Generous employee referral bonuses
• Flexible remote work policy
• Collaborative workspaces