Posted by
Gongadala Nagaraju
Talent Acquisition Specialist at RANDOMTREES PRIVATE LIMITED
Last Active: 25 March 2026
Posted in
IT & Systems
Job Code
1684523

Role Summary:
The Cyber Data Product / Technical Lead owns the strategy, roadmap, and technical delivery of cybersecurity data products that power detection, response, exposure management, compliance, and executive reporting. This role blends product leadership with hands-on technical direction: defining data models and pipelines, integrating telemetry from security platforms, enforcing data governance and security, and enabling analytics teams with reliable, scalable, and well-documented cyber data capabilities.
Key Responsibilities:
Product Leadership & Strategy:
- Define the vision, roadmap, and success metrics for cyber data products (SIEM analytics, exposure/CTEM datasets, identity risk models, data security insights).
- Translate stakeholder needs (SOC, IR, Vulnerability, Cloud, IAM, GRC, Execs) into prioritized backlogs, requirements, and release plans.
- Establish service levels (freshness, availability, quality) and manage product lifecycle, versioning, and change control.
Architecture & Data Modeling:
- Design domain models and semantic layers for cyber data (alerts, findings, assets, identities, vulnerabilities, misconfigurations, detections).
- Define canonical entities, conformed dimensions (asset, user, application, business service), and reference data (severity, ownership, environment).
- Guide patterns for SCD strategies, event schemas, CDC, and metric definitions/KPIs (e.g., MTTR, backlog burn-down, coverage).
Engineering & Integration:
- Lead the design of scalable data pipelines (ELT/ETL, APIs, streaming) to ingest telemetry from SIEM, EDR/NDR, CSPM/CIEM, ASM, vulnerability scanners, IAM/PAM, and CMDB/ITSM.
- Oversee performance, reliability, and cost optimization across warehouses/lakehouses; enforce CI/CD and testing standards.
- Drive data quality (completeness, deduplication, reconciliation), lineage, and observability (schema drift, freshness, failure alerting).
Security, Compliance & Governance:
- Implement access controls (RBAC/ABAC), RLS/CLS, encryption, and privacy-by-design for sensitive data (PII/PHI).
- Ensure alignment with security frameworks and controls (e.g., NIST CSF, CIS, SOX/PCI/HIPAA/GDPR reporting needs).
- Partner with GRC and Audit on evidence generation, data retention, and defensible documentation.
Analytics & Enablement:
- Deliver certified, reusable datasets for SOC analytics, exposure/CTEM reporting, and executive dashboards.
- Enable analysts with self-service models, data dictionaries, and query patterns (DAX/SQL).
- Mentor developers/analysts; run design reviews, best-practice sessions, and office hours.
Stakeholder & Vendor Management:
- Coordinate across security, IT, data engineering, cloud, and application teams; manage dependencies and release planning.
- Oversee vendor relationships (SIEM/CSPM/ASM/Vuln/DSPM), integrations, and licensing/capacity implications for data flows.
Required Qualifications:
Experience: 7-10+ years across data engineering/architecture or analytics engineering, with 3-5+ years in cybersecurity data domains.
Technical Expertise:
- Data Platforms: Snowflake, Databricks (Delta), BigQuery, Synapse/Fabric (or equivalents).
- Pipelines: dbt, ADF/Glue/Databricks Jobs/Airflow; REST APIs; streaming (Kafka/Event Hubs).
- Security Sources: SIEM (Sentinel, Splunk), EDR/NDR, CSPM/CIEM (e.g., Wiz, Prisma), Vulnerability (Tenable/Qualys/Rapid7), ASM, IAM/PAM, CMDB/ITSM (ServiceNow).
- Modeling/BI: Dimensional/semantic modeling; Power BI/Tableau; DAX/Power Query (M) a plus.
- Languages: Advanced SQL; Python for transformation/automation; Git-based CI/CD.
- Product Skills: Backlog management, roadmap definition, stakeholder alignment, measurable outcomes/KPIs.
- Governance & Security: Data quality practices, lineage/catalogs (Purview/Collibra/Alation), access control and privacy patterns.
Preferred Qualifications:
- Experience with CTEM analytics (risk-based prioritization using CVSS, EPSS, KEV, asset criticality).
- Knowledge of identity context (Entra/AD, SailPoint, CyberArk, Okta) for access risk analytics.
- Familiarity with DSPM/DLP (e.g., Cyera, Securiti, BigID, Guardium) and data classification.
- Exposure to metric stores/semantic layers, feature stores, or ML-ready pipelines.
- Background in regulated industries and audit-ready documentation.
Core Competencies:
- Technical Leadership: Guides architecture and delivery; raises engineering standards.
- Systems Thinking: Sees end-to-end, from sources and controls to analytics and decisions.
- Data Quality Mindset: Proactive about definitions, lineage, and reconciliation.
- Security-by-Design: Embeds least privilege, encryption, and compliance from the start.
- Product Orientation: Outcome-driven with clear value hypotheses and success metrics.
- Communication & Enablement: Translates complex designs into clear guidance and reusable patterns.
Tooling (Illustrative):
- Data & Pipelines: Snowflake, Databricks/Delta, BigQuery, Synapse/Fabric; dbt, ADF/Glue/Airflow; Kafka/Event Hubs.
- Security Sources: Microsoft Sentinel/Splunk; Tenable/Qualys/Rapid7; Wiz/Prisma; ASM platforms; Entra/AD/Okta/SailPoint; CyberArk; ServiceNow CMDB/ITSM.
- BI & Catalog: Power BI (Tabular/DAX), Tableau; Purview/Collibra/Alation; GitHub/Azure DevOps for CI/CD.