Cybersecurity Tech COE leader

At Microland, we do mission-critical work for great companies. We specialize in Cybersecurity solutions, Digital Transformation journey and business automation roadmaps.

Our Cybersecurity experts are results-obsessed, focused and flexible, highly engaged and hugely experienced. Those qualities are what make us different than old-school Information Security Operations Centers. And surely, they are why clients and partners describe us as the gold standard in client experience.

Microland has been recognized as the Key Challenger & Market leader in Cybersecurity business by several leading market research agencies. Therefore, we are also considered as The Partner of choice by our target customers due to our Nimble yet

Customer-obsessed culture.

About this Role :

We are growing our Global Cybersecurity Business and seeking a Cybersecurity Center of Excellence (CoE) Leader to strengthen our Global Cybersecurity Delivery practice. Reporting to the Head of Technology Delivery, this role blends engineering, compliance, red / purple team leadership, and innovation, specifically focusing on SOC & Cloud Security practices, to help clients improve their cybersecurity posture.

This is a hands-on leadership role - you’ll be building capabilities, leading teams, engaging with clients, and shaping next-generation cybersecurity services.

Key Responsibilities

Innovation, Thought Leadership & Client Enablement

Create cybersecurity innovations and technical solutions that address market / customer needs, opportunities, or problems.

Create and deliver white papers, presentations and demos for client / prospect meetings, industry events, and conferences.

Support CoE infrastructure, processes and knowledge management; demonstrate curiosity and a problem-solving mentality.

Contribute to business-facing deliverables and thought leadership to support client engagements.

Assessments, Frameworks & Risk Evaluation

Perform cybersecurity assessments using formal frameworks (FedRAMP, NIST, PCI, NIST CSF and equivalents).

Conduct compliance readiness, vulnerability and risk assessments and evaluate technical security architecture and controls.

Analyze and synthesize cyber and log information with other data sources; fuse computer network attack analyses with threat intelligence to evaluate and interpret risk.

Conduct analysis on network traffic, large sets of logs and other security data for breach analysis.

Offensive Security — Red Team & Ethical Hacking

Hands-on red teaming and ethical hacking across technologies (network, applications, mobile, embedded, ICS / SCADA, wired / wireless).

Create red team attack scenarios focusing on weakest entry points, creative multi-method testing, stealth, pivoting, privilege escalation, and covert persistence.

Execute social engineering, phishing, physical security testing and other human-element attacks.

Stay on top of fast-changing red team TTPs and associated tools to deliver successful services.

Design and deliver advanced offensive capabilities to identify new security solutions.

Defensive Understanding & Collaboration (Blue Team / SOC)

Understand and work with defensive teams : Blue Team, SOC, monitoring and response (SIEM, IDS / IPS), EDR (including bypass techniques), and overall detection & indicator concepts.

Create effective red team activities to test defensive controls (e.g., developing / using malware, pivoting, stealthy techniques) and help defenders improve.

Collaborate with CIRC Team to perform “devil’s advocate” simulations against organizational detection and prevention capabilities.

Exercises, Simulations & Purple Teaming

Create and design attack simulations : Tabletop Exercises, Attack Simulation Exercises, Blue-Red Team Exercises with intelligence-led tactics, techniques and procedures.

Ensure gaps identified from simulations are remediated with assistance from the CIRC Team.

Host quarterly Purple Team exercises to identify unknown gaps; collaborate with stakeholders to execute, document, curate and present results.

Incident Response, Forensics & Operations

Perform client operations and incident response activities; utilize security technologies including SIEM, IDS and HBSS.

Conduct DFIR and forensic investigations and integrate findings into broader threat analysis and remediation actions.

Vulnerability Validation & Remediation

Validate and propose solutions for public Proof-of-Concept Remote Code Execution exploits; determine risk and impact to the organisation.

Proactively identify remediation and patching courses of action and work with responsible teams to implement fixes.

Labs, Tooling & Research

Organize and manage the Microland AG Hackers Lab in APAC, including creating hacking workbenches for department use.

Keep up to date with the most recent hacking tools and frameworks; explore functionality and proactively identify detection gaps with the CIRC Team.

Be comfortable learning and adopting new OS, tools, development languages and online technologies.

Cloud, IAM & Third-Party Tools

Knowledge of public cloud security services (VPC, data encryption, public / private key security, etc.).

Ability to architect and engineer cybersecurity methodologies and frameworks for AWS, Azure and GCP.

Knowledge of Identity & Access Management tools (SailPoint, Ping, or similar).

Understanding and use of third-party security tools such as RSA, McAfee, Splunk, etc.

Communication, Leadership & Mentoring

Strong communication skills and ability to work with all stakeholders (internal and external), advise and implement the best solutions.

Leadership and teamwork mentality : mentor colleagues, help them develop, and improve team capabilities.

Maintain a hands-on mentality while providing strategic leadership and capability building.

Skills & Technical Expertise

Red & Purple Teaming, Phishing, Social Engineering, AppSec, Infosec, Penetration Testing (Pentest)

TTPs, Threat Analysis, Threat Modeling, EDR, SOC, SIEM, IDS / IPS

Forensic Investigation, DFIR, Networks / Systems / Applications, IOCs, IOAs

Malware development, Malware analysis, Reconnaissance, Weaponization, Delivery, Exploitation, C2 (Command & Control), Lateral Movement

Ethical Hacking, Web Application Security, Mobile Security, Device Testing

Tools & scanners : Burp, Nessus, Nmap, Ncat (and equivalents)

Scripting and platforms : Linux, Windows, OSX; various scripting / development languages and automation tools

Certifications / skills referenced : OSCP, OSCE, GPEN, GXPN, GMON (and equivalent practitioner skills)

Qualifications :

12+ years experience in security operations or analytical roles, preferably in enterprise environments.

Strong knowledge of infrastructure security, vulnerability management, risk assessments, and cybersecurity policy development.

Understanding of IT / security controls, compliance readiness, and technical security architecture / design / implementation.

At least one recognized certification (CISSP, CEH, CCSP, GSEC, GIAC, etc.); experience with SIEM and SOAR platforms preferred.

Experience working in Agile environments with excellent leadership, team management, and communication skills.

Ability to work independently, mentor teams, and contribute to business development / sales opportunities in cybersecurity.

Entrepreneurial mindset with interest in helping grow and scale business practices.

Bachelor’s degree in computer engineering, cybersecurity or related field is required

Management consulting experience is preferred.

Willingness to travel up to 20%.