Use Case Management Team Lead GDL
Guadalajara, Jalisco, Mexico
Full Time Senior-level / Expert USD 90K - 100K
About Nearshore Cyber:
Nearshore Cyber is a specialized cybersecurity recruiting firm connecting top talent with leading organizations. We focus on identifying and placing skilled professionals in critical roles within the cybersecurity industry.
The Opportunity:
Nearshore Cyber is seeking an experienced Use Case Management Team Lead on behalf of our client, a mission-driven group of 25,000+ practical problem solvers and creative thinkers in more than 21 countries that transforms lives through the power of technology.
Our client is seeking an experienced Use Case Management Team Lead to drive the development, optimization, and deployment of detection use cases across multiple SIEM platforms. This role combines technical expertise, leadership, and customer-facing skills to manage a global team of detection engineers while providing expert cybersecurity guidance and consultation to enterprise customers. As a key member of their Security Operations Team, you will ensure that their service offerings remain at the forefront of threat detection, automation, and response capabilities, supporting their diverse client base worldwide. Your work, guidance, and expertise will have a significant impact on the organization.
Responsibilities:
- Manage and mentor a global team of detection engineers responsible for building, tuning, and optimizing detection use cases across a range of SIEM platforms.
- Consult with customers and deploy best practices across the UCM team and MDR.
- Oversee the team's daily operations and ensure high-quality deliverables for customers, balancing customer requirements, team capacity, and timelines.
- Continuously develop and enhance the UCM service and its deliverables.
- Provide technical leadership in SIEM use case development, incident detection, and automation best practices to ensure high efficacy across a variety of enterprise environments.
- Engage directly with enterprise customers worldwide to understand their security requirements and translate them into actionable use cases and security content strategies.
- Provide expert advice and guidance on SIEM tool configuration, detection rule development, and incident response workflows tailored to each client's unique threat landscape.
- Lead the development and deployment of custom detection use cases across multiple SIEM platforms, including Google Chronicle, Azure Sentinel, Splunk, QRadar, and others.
- Continuously enhance detection capabilities by analyzing attack techniques (e.g., MITRE ATT&CK), incorporating emerging threats, and reducing false positives.
- Establish and enforce best practices for writing KQL (for Azure Sentinel), SPL (for Splunk), or equivalent query languages for other SIEMs.
- Lead customer workshops, training sessions, and regular reviews to assess the effectiveness of current detection rules and offer recommendations for continuous improvement.
- Ensure all use cases and playbooks are well-documented, including detailed descriptions, workflow diagrams, and relevant technical configurations.
- Keep up-to-date with the latest security threats, attack vectors, and techniques (e.g., MITRE ATT&CK) to ensure use cases are effective and relevant.
What You Need:
- 10+ years of experience in cybersecurity, with at least 5 years of hands-on experience in SIEM technologies such as Azure Sentinel, Google SecOps, Splunk, and QRadar, as well as in detection engineering.
- 3+ years of experience in a leadership or team lead role, managing or mentoring detection engineers.
- Experience supporting enterprise customers globally, with a strong understanding of the challenges and needs of large, complex environments.
- Expertise in designing, building, and tuning detection use cases across multiple SIEM platforms (Azure Sentinel, Splunk, QRadar, etc.).
- Proficiency in detection query languages (KQL, SPL, etc.) and knowledge of common detection techniques (MITRE ATT&CK).
- SIEM vendor administrator certification preferred.
- Familiarity with different security attack vectors and means of protection.
- Familiarity with security monitoring, incident detection, and incident response best practices.
- Strong communication and presentation skills, with the ability to explain complex technical concepts to non-technical stakeholders.
- Proven leadership abilities, with experience managing remote or global teams.
- Ability to work under pressure and balance multiple priorities while maintaining a focus on customer satisfaction.
- Strong problem-solving skills and attention to detail, with a proactive, customer-centric approach.
- University degree in information security or equivalent work experience.
- Relevant certification (e.g., GIAC GSOC, CSA, CISSP) is an advantage.
Compensation:
- The compensation range for this role is $90,000 to $100,000 Mexican Pesos per month.
Benefits:
Our client offers a comprehensive benefits package.
Values:
Our client proudly embraces values of Humility, Humanity, and Integrity.
Equal Opportunity Employer:
Our client is an Equal Opportunity Employer.
Skills: Security Engineer, Security, Use Case Management, Sentinel or Splunk
Note: The salary range and benefits information are based on market standards. Compensation may vary depending on the candidate's location, qualifications, and experience.
Tags: Automation Azure CISSP GIAC Incident response MITRE ATT&CK Monitoring QRadar SecOps Sentinel SIEM Splunk Threat detection