InfoSec & SecOps Lead

We are seeking a skilled and experienced InfoSec & SecOps Lead to join Alice (Formerly ActiveFence) CISO team. The ideal candidate will be responsible for driving the security initiatives.

Responsibilities:

• Maintain holistically security corporate architecture and Hardening, including network, systems, applications. Evaluate and implement security remediations to enhance the organization security posture.
• Corporate Security: Oversee security measures, including access control, surveillance, and emergency response planning. Manage relationships with external security vendors related to TPRM and IR.
• Experience among others on SSPM/SaaS security, IDP, SIEM/SOC, Including conducting threat modeling exercises to identify potential vulnerabilities and risks where required.
• Security Operations: Oversee the day-to-day security operations, including monitoring, incident response, Analyze security logs and alerts to identify & respond to security incidents. Conduct regular security assessments and manage the remediations program. Develop and maintain an effective incident response plan.Conduct post-incident reviews to identify lessons learned and improve future response efforts.
• Experience with Vulnerability Management: Identify, prioritize vulnerabilities. Monitor and track vulnerability remediation efforts.
• Collaborate with other teams within the organization to ensure the overall security posture is maintained. This may include working with IT, Devops, R&D, G&A to implement security policies and technical security procedures. Including all business units, educate employees on security best practices.
• AI Governance: Partner with Business Units to create safe-use guardrails for AI. Conduct security reviews for internal AI implementations, ensuring adherence to frameworks like the OWASP Top 10 for LLMs.
• Data Driven Metrics: Develop automated dashboards that track real-time security health, focusing on MTTR and reducing manual "toil" for the Security.

Must Have-

• Security Automation & Orchestration: Proven ability to transition from manual SOC workflows to Automated Incident Response. You must have hands-on experience building playbooks that automate repetitive tasks.
• AI-Driven Threat Detection: Experience leveraging AI/ML capabilities within modern stacks (e.g., Coralogix/Splunk anomaly detection or Okta Identity Threat Protection) to identify "low and slow" attacks that bypass traditional signature based rules.
• Secure AI Adoption: Foundational knowledge of securing LLMs and Generative AI tools. Ability to evaluate risk in the AI supply chain.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• 4+ years of Infosec & Secops Hands-On experience, among others in the start-up and fully cloud based industries.
• Strong Experience among others with Okta, Adaptive Shield/Astrix, Coralogix/Splunk, Endpoint security, Network security, and similar security tools. 
• Expertise in security technologies, WAF, endpoint security solutions. Knowledge of cloud security and cloud-based security tools
• Experience with cloud platforms (AWS, GCP).
• Strong understanding of security frameworks and standards (e.g., NIST, CIS). Experience with security incident response and investigation.
• Strong understanding of security principles, risk assessments, vulnerability management.
• Knowledge of security orchestration, automation, response tools. 
• Ability to work effectively in a team environment. Excellent written and verbal communication skills. 
• Excellent analytical & problem solving skills. Strong communication & interpersonal skills.
• Must be able to work independently and as part of a team. This position may require occasional on-call or after-hours work.

Advantage:

• Relevant certifications such as CISSP, CISM, CEH, CompTIA Security+,SSCP preferred.
• Familiarity with scripting languages (Python, NodeJs) and automation tools.