Director - Tech Consulting - Cybersecurity - SOC & Threat Management - Abu Dhabi
EY
IT
Abu Dhabi - United Arab Emirates
As part of our Cyber Technology Consulting team, you will lead and manage Security Operations Center (SOC) transformation and Threat Management engagements for clients across the MENA region. This includes designing, implementing, optimizing and managing SOC capabilities, threat detection and response strategies, and cyber defense operations. You'll collaborate closely with clients to mature their security operations while also driving innovation and growth within our Cyber Advisory offerings.
The opportunity
We are seeking a Senior Manager / Director with deep domain experience in Security Operations, Threat Detection, Threat Intelligence, and Incident Response to join our Cybersecurity team. This is an exciting opportunity to advise senior client executives, build lasting relationships, and help organizations strengthen their cyber defense posture, proactively detect threats, and respond effectively to incidents.
Your key responsibilities
- Oversee delivery of cyber threat monitoring, threat hunting, and incident response engagements for a diverse range of clients.
- Lead the design, implementation, and optimization of Next-Gen SOCs, including people, process, and technology components.
- Act as subject matter resource and advocate for specific client security technologies.
- Advise clients on 24x7 monitoring strategies, incident escalation workflows, incident playbooks and SOC operational design.
- Lead major security incident response efforts and cyber crisis simulation exercises, acting as the strategic advisor to client leadership.
- Drive the development of detection content, use cases, alert logic, and detection engineering strategies for SIEM, SOAR, EDR/XDR and threat intelligence platforms.
- Conduct SOC maturity assessments, gap analysis, and develop transformation roadmaps aligned with NIST CSF, MITRE ATT&CK, and regional regulations.
- Integrate threat intelligence platforms, contextual enrichment, and TTP-based detection methods into client environments.
- Manage client relationships, project delivery, resource plans, budgets and quality.
- Present high-quality technical findings and executive-level reports, and deliver actionable recommendations to both technical teams and executive stakeholders.
- Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.
- Mentor and grow a high-performing cybersecurity team, and support capability building across the practice.
- Contribute to business development, proposals, and strategic growth initiatives.
Skills and attributes for success
- Strong technical knowledge of modern SOC technologies, including SIEM, SOAR, EDR/XDR, and NDR solutions.
- In-depth understanding of the threat intelligence lifecycle, attacker TTPs, and emerging threats such as APT, ransomware and insider threats.
- Hands-on knowledge of MITRE ATT&CK, NIST and incident handling best practices.
- Experience designing detection strategies, use cases, KPIs, and SOC operating models.
- Ability to communicate technical/complex cyber risks and threats effectively to both technical and non-technical stakeholders, including senior management.
- Proven experience managing large-scale SOC transformation or threat detection programs across diverse client environments.
- Ability to collaborate with other members of the engagement team to develop the engagement plan, timelines, risk assessments and other documents/templates.
- Ability to analyze and interpret complex technical results and present insights to business stakeholders.
- Strong business acumen, engagement management, and team leadership experience.
- Strong analytical, problem-solving, and critical-thinking skills.
- Excellent communication and collaboration skills.
To qualify for the role, you must have
- A bachelor's or master's degree in Information Technology, Computer Science, Cybersecurity or a related field.
- Strong business development/account management and client relationship skills.
- Excellent verbal and written communication skills with a consulting mindset.
- 10+ years of experience in Security Operations, Threat Management, or Incident Response.
- A valid passport and willingness to travel as required for client engagements.
Ideally, you’ll also have
- Industry-recognized certifications such as GCIA, GCED, GCIH, GCFA, CISSP, CCSP, or equivalent.
- Familiarity with threat intel feeds (e.g., MISP, Anomali, Recorded Future) and TIP platforms.
- Experience integrating AI/ML use cases into SOC environments (e.g., behavioral/anomaly detection use cases).
- Exposure to SOC-as-a-Service delivery models, hybrid SOC architectures, and MSSP integration.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.