As the Team Lead – Threat Operations, you will be responsible for leading a high-performing team of Threat Analysts within our 24x7 Managed Detection and Response (MDR) environment. This role combines people leadership with deep technical expertise, ensuring operational excellence in threat detection, investigation, and response.
You will provide strategic oversight and day-to-day supervision of analysts, manage case workflows, and drive continuous improvement of threat handling processes. As a people leader, you’ll conduct regular 1:1s, coach team members, develop individualized growth plans, and guide performance reviews to foster both professional and technical development.
This role also requires cross-functional collaboration to improve tooling, optimize workflows, and ensure high-quality case handling. You’ll act as a mentor during complex investigations, lead retrospectives and strategic reviews, and interface directly with your team to deliver technical context and support during live incidents.
The ideal candidate is a seasoned threat operations professional with strong leadership capabilities, a passion for mentoring, and a commitment to delivering high-quality threat detection and response outcomes.
Maintain supervision over the daily queue and provide day-to-day oversight for threat analysts
Conduct regular one-on-one meetings with team members to provide coaching, mentorship, and support individual development plans that define clear performance goals
Carry out operational tasks with a focus on rapid resolution, improving efficiency, and reducing backlog
Oversee and coach analysts in providing accurate, timely technical context to customers, ensuring consistency, clarity, and adherence to MDR communication standards
Communicate findings and investigation details effectively to both technical and non-technical stakeholders.
Collaborate with the wider MDR team to operationalize threat intelligence and produce Indicators of Compromise (IOCs) for future use
Provide triage, data collection, and overall support towards customer escalations
Champion continuous improvement efforts to refine incident response and threat detection methodologies
Escalate critical technical investigations to Senior Analysts and Senior Team Leads for review
Work within established frameworks that lead to success factors for the team
5-6 years of experience within a cybersecurity environment as an analyst or similar role
Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents
Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience
Willingness to work outside of standard business hours, including weekends and holidays – our MDR service is 24x7x365
Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
Excellent communication and problem-solving abilities
Innovative mindset for adapting to changes and learning new skills quickly
Comfortable with shift-based work and cross-regional coordination
Morgan Stanley
Edges Wellness Center LLC
WSP in Canada
Digitalenta
Cox Automotive Inc.
Sophos
Sophos
Sophos