GURUGRAM · FULLTIME
Technical Lead – Cybersecurity
KestrelSec India Private Limited
Gurugram · onsite · Posted 1d ago
Your match
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Role Overview: KestrelSec is looking for a Technical Lead – Cybersecurity to anchor our delivery practice and raise the technical ceiling of our engineering team. This is a senior individual-contributor role with team leadership responsibility. You will own the most complex client engagements end-to-end, leading VAPT assessments, designing SOC architectures, hardening cloud environments, and setting the quality bar for everything the team ships. You won't just execute; you will define how KestrelSec delivers.
Key Responsibilities :
- Technical Leadership & Team Mentoring: Lead a team of 3–6 cybersecurity engineers. Set quality standards for all technical deliverables, conduct methodology and report reviews, and own the handson development of junior and mid-level engineers. Drive the team's technical growth roadmap.
- Advanced VAPT & Red Team Operations: Lead and execute complex penetration testing engagements across network, web application, API, mobile, cloud, and Active Directory environments. Define engagement scope, methodology selection, and final reporting quality. Develop custom attack tooling where off-the-shelf approaches fall short.
- SOC Architecture & Detection Engineering: Design and optimise SOC workflows, detection logic, and SIEM/SOAR playbooks across platforms (Splunk, IBM QRadar, Microsoft Sentinel). Author custom correlation rules and automated response playbooks. Lead threat hunting exercises and post-incident reviews using MITRE ATT&CK frameworks.
- Cloud Security Architecture & Assessment: Architect and assess security controls in AWS and Azure environments, IAM privilege paths, network segmentation, CSPM, CWPP, container and Kubernetes security, and DevSecOps pipeline integration. Produce prioritised cloud hardening roadmaps for clients.
- Security Architecture & Design Review: Serve as KestrelSec's senior technical voice in client architecture reviews. Identify design-level security gaps, recommend compensating controls, and produce HLD/LLD security architecture documentation that clients can act on.
- Incident Response & Digital Forensics: Lead client IR engagements—scope containment, evidence acquisition, root-cause analysis, and executive debrief. Build and maintain IR playbooks for common attack scenarios (ransomware, BEC, insider threat, cloud compromise).
- Security Automation & Tooling: Drive development of internal automation frameworks, custom scripts, and reusable tooling (Python, Bash, Go) that improve team efficiency, assessment consistency, and service delivery quality across engagements.
- Compliance, Reporting & Stakeholder Communication: Produce and review high-quality technical reports and executive summaries for enterprise and Government / PSU clients. Accurately map findings to compliance frameworks (ISO 27001, NIST CSF, CERT-In directives, DPDP Act, NCIIPC guidelines). Present risk findings directly to CISOs and senior stakeholders with clarity and without unnecessary alarm.
Qualification & Technical Profile:
- Education: Bachelor's degree in Computer Science, Information Security, or a related discipline.
- Technical Depth: Expert-level proficiency in at least two of: network/web/API/cloud penetration testing, Active Directory attack & defence, SOC and detection engineering, cloud security (AWS/Azure), or DFIR. Breadth across domains is valued.
- Offensive & Defensive Tooling: Hands-on command of Metasploit, Cobalt Strike, Burp Suite Pro, BloodHound, Impacket, Splunk/Sentinel/QRadar, and EDR platforms (CrowdStrike, SentinelOne, Defender). Ability to develop custom tooling and detection logic in real-world environments.
- Automation: Proficiency in Python; working knowledge of Bash, PowerShell, or Go. Experience building reusable security tooling or CI/CD security integrations.
- Experience: 5+ years in cybersecurity delivery (VAPT, SOC, cloud security, red teaming, or DFIR), with at least 2 years in a senior or lead capacity. Consulting, MSSP, or enterprise security function background preferred.
- Certifications (Preferred): Offensive: OSCP, OSEP, CRTE, or CRTO. Broad: CISSP, CISM, or SANS GIAC (GPEN, GWAPT, GCIH). Cloud: AWS Security Specialty or Microsoft SC-100 / AZ-500. Hands-on credentials strongly preferred over exam-only.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02