About the Role
Vodafone Egypt is seeking an experienced Cyber Defence Tech Lead to spearhead our Information Security operations and incident management capabilities. This strategic leadership role sits at the heart of our security operations center (SOC), driving the detection, analysis, and response to cyber threats across Vodafone's critical telecommunications infrastructure in Egypt. You will lead a team of security analysts and engineers, define incident response playbooks, and collaborate with global security teams to strengthen our defensive posture.
Key Responsibilities
- Lead and mentor the Cyber Defence / Incident Management team, ensuring 24/7 security monitoring and rapid incident response
- Design, implement, and continuously improve incident response frameworks, playbooks, and escalation procedures aligned with NIST and ISO 27001 standards
- Oversee Security Information and Event Management (SIEM) platform optimization, correlation rule development, and threat hunting initiatives
- Manage the full incident lifecycle: detection, triage, containment, eradication, recovery, and post-incident review
- Coordinate with Threat Intelligence, Vulnerability Management, and Red Team functions to proactively identify and mitigate risks
- Drive automation and SOAR (Security Orchestration, Automation and Response) adoption to reduce mean time to detect (MTTD) and mean time to respond (MTTR)
- Report key security metrics, KPIs, and executive dashboards to senior leadership and stakeholders
- Ensure compliance with telecom regulatory requirements (NTRA, GDPR) and internal security policies
- Collaborate with Vodafone Group Security on global initiatives, threat sharing, and capability alignment
- Manage vendor relationships for managed security services (MSSP), threat intelligence feeds, and security tooling
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field; Master's degree preferred
- 8+ years progressive experience in cyber security operations, with 3+ years in a technical lead or management role
- Deep expertise in SIEM platforms (Splunk, QRadar, Sentinel, or Elastic) and SOAR technologies
- Strong hands-on background in incident response, digital forensics, and malware analysis
- Proficiency with MITRE ATT&CK framework, threat hunting methodologies, and adversary emulation
- Relevant certifications: CISSP, CISM, GCIH, GCFA, or equivalent highly valued
- Experience securing telecommunications / ISP / critical infrastructure environments is a significant advantage
- Strong scripting skills (Python, PowerShell, Bash) for automation and tool development
- Excellent stakeholder management and communication skills — fluent in English; Arabic fluency required
- Proven ability to lead high-performing teams in a fast-paced, regulated enterprise environment
Preferred Qualifications
- Cloud security expertise (AWS, Azure, GCP) and container/kubernetes security
- Experience with OT/ICS security in telecom core networks
- Active participation in security community (conferences, CTFs, open-source contributions)
- Knowledge of 5G security architecture and associated threat landscape
Why Join Vodafone Egypt
Be part of Egypt's leading digital connectivity provider, securing infrastructure that millions rely on daily. You will work with cutting-edge security technologies, global threat intelligence, and a world-class team — driving real impact in a role that blends technical depth with strategic leadership.