Build a lean, automated, intelligence-led security operations capability. Location: UK (Hybrid) Salary: GBP 80,000 - 110,000 Reports to: CEO Type: Permanent, Full-Time ABOUT THE ROLE CybaVerse is not building a traditional SOC. We are building a next-generation security operations capability — lean, automated, and intelligence-led — delivered through our CybaOps platform and a focused team of strong operators. This is an opportunity to define and lead the security operations function. You will not be managing shift rotations or working through alert queues. You will be architecting the approach, automating the repetitive, and personally leading on the complex. You will operate across the full threat lifecycle from detection engineering to incident response to client-facing consultancy, and your input will directly shape the product we take to market. We are looking for someone who sees automation as a force multiplier and who can operate equally well at board level and deep technical level. This is a builder's role. If your strength is running a traditional tier-1 triage function, this is not the right fit. If you want to build something genuinely different, read on. WHAT YOU WILL OWN Design, build, and lead CybaVerse's security operations capability across strategy, tooling, process, and people Drive automation-first detection and response using the CybaOps platform (SIEM, EDR, SOAR, vulnerability management) Own the incident response function end-to-end, from triage through to post-incident review and client debrief Build and refine detection engineering: threat modelling, custom rule development, tuning, and coverage mapping against MITRE ATT&CK Act as a senior technical consultant to clients, including C-suite and board-level stakeholders, during incidents and engagements Collaborate with the Product and CTO function to feed real-world operational insight back into the CybaOps platform roadmap Contribute to the go-to-market narrative through case studies, thought leadership, and sales support on enterprise deals Mentor and develop junior operations staff, building a culture of excellence and continuous improvement Define and own security operations KPIs, SLAs, and service quality standards WHAT WE ARE LOOKING FOR Essential: Solid background in security operations, incident response, or threat detection, ideally across both MSSP and in-house environments Strong automation mindset: SOAR platform experience, scripting (Python preferred), workflow design to eliminate repetitive manual tasks Hands-on incident response capability — you can lead a live breach from initial triage through to containment and recovery Detection engineering experience: SIEM rule writing and tuning, Sigma/YARA, threat hunt methodology Wide domain knowledge across endpoint, network, cloud, identity, and application security Strong communication skills — able to write a client-ready incident report and present findings to a board clearly and confidently Comfortable operating in a lean, fast-moving environment where you will often be the most senior technical person in the room Desirable: Experience scaling or transforming a SOC, particularly reducing headcount dependency through tooling and automation Familiarity with vulnerability management, CAASM, or exposure management Prior consultancy or professional services background, particularly advisory work at enterprise level Threat intelligence integration experience: CTI feeds, IOC management, threat actor tracking Relevant certifications such as GCIA, GCIH, GCFA, SC-200, CySA, or CISM — valued but not required where experience speaks clearly Experience working within compliance-heavy environments (ISO 27001, SOC 2, Cyber Essentials Plus) THE MINDSET WE NEED The technical skills matter, but the mindset matters more. We are looking for someone who is automation-first in their thinking, calm and decisive under pressure, and confident enough to push back when something is not working. Low ego, high output. A builder rather than a maintainer. Intellectually curious and pragmatic in equal measure. WHAT YOU WILL NOT FIND HERE A bloated tier-1/2/3 structure where analysts spend the majority of their time on false positives A rigid enterprise bureaucracy that moves at procurement speed A role where you execute someone else's vision with no real input WHAT YOU WILL FIND HERE Genuine autonomy to design the function the way you believe it should work A platform you will actually use, influence, and help evolve A company in active growth with real commercial momentum and enterprise clients The opportunity to build something you can point to as your own COMPENSATION AND PACKAGE GBP 80,000 - 110,000 Salary is dependent on experience. The right candidate will not be disadvantaged on where they sit in the range. Additional benefits and equity discussion available for the right hire.