Senior Security Lead

Cape Town, SA
Business Systems

“Can you build and lead an AI-native Security team that protects our people, our customers, and our reputation — while helping define the future of security services in a human-plus-AI world?” 

As a frontier partner, we grow through great people, smart tech, and teamwork between humans and AI.

Cloud Direct is evolving its security capability to protect our organisation and the customers that depend on us. As our Senior Security Lead, you will be the architect and operational owner of this capability — shaping detection and response, guiding the use of automation and AI across the Microsoft Security stack, and building a high-performing Security team. This role offers the opportunity to help define modern, AI-enabled security services that combine expert judgement with intelligent automation. 

This is a hands-on leadership role. You will define detection logic, lead incident response, mentor analysts, and report directly to the CEO and leadership team. You will shape not only how we defend ourselves but how we bring modern security capabilities to market.

What You’ll Do:

Security Platform Architecture & Build

  • Design the end-to-end security monitoring and response capability using Microsoft Sentinel, Microsoft Defender, and the wider Microsoft Security stack. 
  • Architect the security platform and operating model so it can scale effectively across internal and customer environments over time. 
  • Assess the current Microsoft estate and identify opportunities to strengthen security outcomes through better use of existing capabilities, automation, and AI. 
  • Define and deploy log-ingestion strategy across endpoints, identity (Entra ID), email, and cloud workloads. 
  • Shape the use of complementary Microsoft Security capabilities to improve visibility, prioritisation, and response across the environment. 

Detection Engineering & Threat Response

  • Develop and tune Sentinel analytics rules, KQL queries, and automated playbooks to detect high-priority threats across identity, endpoint, collaboration, and cloud workloads. 
  • Author and maintain investigation runbooks and standard operating procedures for all alert categories. 
  • Act as the primary escalation point for P1/P2 security incidents, coordinating containment, eradication, and recovery. 
  • Lead proactive threat hunting, purple-team collaboration, and continuous improvement activities to strengthen coverage and resilience. 

Team Leadership & Mentoring

  • Lead and develop security analysts, creating clear operating rhythms, coaching, and capability growth across the team. 
  • Define a pragmatic coverage and escalation model that balances human expertise, automation, and intelligent assistance. 
  • Mentor team members in modern detection, investigation, response, and security engineering practices across the Microsoft ecosystem. 
  • Foster a culture of continuous learning through tabletop exercises, post-incident reviews, and knowledge sharing. 

Operational Reporting & Governance

  • Produce regular security performance reporting for leadership, covering operational trends, incident themes, and opportunities for improvement. 
  • Integrate security workflows with ServiceNow for case management and Dynamics for commercial pipeline tracking. 
  • Own security-related compliance and audit readiness for UK GDPR (ICO) and South Africa POPIA. 

Commercial Security Service Development

  • Partner with Sales and Pre-Sales to shape a modern managed security service aligned to customer needs and the Microsoft Security opportunity. 
  • Define service outcomes, onboarding approaches, and operating principles for customer-facing security services. 
  • Contribute to the evolution of Cloud Direct’s broader security services strategy and go-to-market proposition. 

What We’re Looking For:

  • Strong hands-on experience in security operations, incident response, detection engineering, or security engineering. 
  • Deep expertise with Microsoft Sentinel (KQL, analytics rules, playbooks, workbooks) and the Microsoft Defender suite. 
  • Proven experience building or significantly maturing a security operations capability — ideally within an MSP, MSSP, or multi-tenant environment. 
  • Strong knowledge of MITRE ATT&CK, common adversary TTPs targeting MSPs, and threat-hunting methodologies. 
  • Experience leading, mentoring, and developing junior security analysts. 
  • Excellent communication skills — able to translate technical findings into clear, actionable reports for senior leadership. 
  • Relevant certification: GIAC GCIH, Microsoft SC-200, or equivalent. 

Highly Desirable:

  • Experience designing or operating a commercial managed security or MDR offering. 
  • Familiarity with Microsoft’s extended detection, response, and security operations capabilities across endpoint, identity, email, and cloud. 
  • Working knowledge of ServiceNow (SecOps module), Entra ID, Intune, and Azure Arc. 
  • Understanding of UK GDPR/ICO and South Africa POPIA compliance requirements. 
  • Additional certifications: CISSP, CISM, GSOM, or Microsoft SC-100. 
  • Background in MSP toolchain security (RMM, remote access, PSA platforms). 

What We Offer:

  • Responsible Time off (uncapped annual leave)
  • Group Life Cover / Disability Income Cover / Trauma Insurance Cover (Injury / Disability)
  • Fitness Cash Contribution
  • Pension Fund Contribution
  • Medical Insurance Contribution
  • Employee Assistance Programme
  • Enhanced Maternity & Paternity Leave
  • Endless Growth Opportunities: We provide ample opportunities for professional development, mentoring, and advancement.
  • Culture of Excellence: We foster a high-performance culture that recognizes and rewards exceptional talent.

At Cloud Direct, we believe that diversity, equity, and inclusion are essential to our success. We are committed to creating a workplace where everyone feels valued, respected, and empowered. We welcome applicants from all backgrounds and strive to build a team that reflects the diverse communities we serve. We encourage candidates of all races, ethnicities, genders, sexual orientations, ages, abilities, and socioeconomic statuses to apply.

Life at Cloud Direct

Discover Life at Cloud Direct Through Our Employee Spotlights

Our employees are at the heart of everything we do. Dive into our Employee Spotlights to hear firsthand experiences and insights from our team members. Learn about their journeys, achievements, and what makes Cloud Direct a great place to work. Join us and be part of a dynamic and supportive community!