Cyber Security Lead

About the role

The Cyber Security Lead will own and mature the technical security posture of IoT.nxt across both the corporate IT environment and the IoT product and platform estate. Reporting to senior management, the role combines hands‑on security operations with strategic influence to embed security into development and infrastructure processes.

Key responsibilities

• Define and maintain security architecture for corporate IT and IoT product estate, including edge devices, cloud back‑ends and OT/IT boundaries.
• Select, configure and operate security tooling such as SIEM, SOAR, EDR, vulnerability management platforms, IAM and network security controls.
• Drive the vulnerability management programme: scanning, penetration‑testing coordination, risk‑based prioritisation and remediation tracking.
• Lead security design reviews and embed threat modelling and security requirements into the product development lifecycle.
• Assess and advise on firmware, embedded systems and IoT communication protocols (e.g., MQTT, TLS, CoAP) and coordinate product security assessments.
• Own threat detection capabilities, tune detection rules, manage alert quality and lead incident response from triage to post‑incident review.
• Reduce manual SOC workload through automation, implementing SOAR playbooks and repeatable response workflows.
• Maintain and test the incident response plan and provide technical evidence for ISO 27001 certification.
• Collaborate with IT Risk and Compliance to remediate audit findings and author technical security policies.

Required profile

• Proven experience leading security programmes in a technology‑focused organisation.
• Deep understanding of IoT security, edge devices and cloud environments.
• Hands‑on experience with ISO 27001 implementation and audit support.
• Strong ability to influence development and infrastructure teams without direct line‑management authority.
• Excellent analytical and problem‑solving skills applied to security incidents and risk assessments.

Required skills

• SIEM and SOAR platforms
• Endpoint Detection and Response (EDR)
• Vulnerability management tools
• Identity and Access Management (IAM)
• Network security controls
• MQTT, TLS, CoAP protocols
• Threat modelling
• Penetration testing coordination
• Incident response and forensics
• Automation of security workflows (SOAR playbooks)