We are seeking a Senior Senior Cybersecurity Operation Specialist  to lead Ministry-wide cyber incident readiness and response by  strengthening resilience, and ensuring continuous security visibility across hybrid IT, cloud, and OT environment.

Mandatory Skill(s)

• 8–10 years of experience in cybersecurity operations, SOC management, or incident response;
• Proven track record of leading or providing technical oversight during high- and critical-severity security incidents;
• Must have hands-on experience operating in complex hybrid environments spanning on-premise, cloud, and OT systems;
• Demonstrated experience establishing incident response playbooks, monitoring use cases, and operational security standards across multiple teams or agencies;
• Must have Incident response, digital forensics, malware analysis, and crisis management leadership;
• Threat intelligence and detection engineering aligned to the MITRE ATT&CK framework;
• SOC operations and security monitoring using SIEM, SOAR, EDR/XDR platforms;
• Vulnerability, exploitability, and attack surface management across IT, cloud, and OT;
• Hybrid, cloud (GCC) and OT/ICS security operations expertise;
• Cyber resilience, tabletop exercises, chaos testing, and business continuity planning;
• IT/OT asset visibility, centralised monitoring, and incident governance;
• Strong stakeholder engagement, risk communication, and executive reporting skills.

Desirable Skill(s)

• Professional certifications such as GCIH, GCFA, CHFI, CISSP, or equivalent;
• Experience designing and evaluating complex tabletop and crisis simulation exercises;
• Exposure to industrial control systems (ICS) or critical infrastructure environments;
• Hands-on experience in threat hunting and proactive detection engineering;
• Knowledge of government or multi-agency cybersecurity frameworks and governance;
• Strong technical writing and SOP development skills.

Responsibilities

• Lead and standardise Ministry-wide incident response and crisis management, including the development, governance, and continuous improvement of unified IR playbooks for ransomware, data breaches, cloud incidents, and OT-related threat;
• Provide hands-on crisis leadership and technical oversight during high- and critical-severity cybersecurity incidents, ensuring effective command, coordination, escalation, and communication across agencies and senior stakeholders;
• Establish clear incident governance models, defining roles, responsibilities, escalation paths, and decision-making authority in collaboration with Agency CIOs, CISOs, and system owners;
• Drive operational readiness and cyber resilience by designing, overseeing, and validating advanced tabletop exercises, crisis simulations, and chaos testing across the Ministry Family;
• Continuously assess incident management capabilities across agencies and lead initiatives to address gaps in people, process, and technology;
• Ensure comprehensive security monitoring and detection by onboarding systems to centralised monitoring platforms and aligning use cases to the MITRE ATT&CK framework and evolving threat actor TTP;
• Partner with agencies to maintain accurate and up-to-date IT and OT asset inventories, reinforcing the principle that effective security depends on asset visibility;
• Establish and oversee vulnerability and attack surface management across on-premise, cloud, and OT environments, ensuring prioritisation based on exploitability, business impact, and threat intelligence;
• Provide expert guidance for specialised or high-risk environments, including OT/ICS systems and non-standard architectures, enabling bespoke detection and response capabilities;
• Advocate a culture of assumed breach, resilience, and risk-informed decision-making by educating stakeholders on incident response, business continuity planning, and shared accountability for cyber risk.

If you are interested in this role, click on the “Apply to this job” button below or you could also write in with your CV to Gunjan Arora at gunjan.a@sciente.com quoting the job title.