Cyber Defense Team Lead

Cyber Defense Team Lead

Join to apply for the Cyber Defense Team Lead role at APi Group.

Location:

New Brighton, MN - hybrid

At APi Group, our enduring purpose is Building Great Leaders®. We grow our people and our business, invest in the safety and well‑being of our teams and communities, and connect through meaningful relationships that fuel progress. With over 500 locations worldwide, we are a global leader in safety and specialty services, driven by entrepreneurial spirit and a commitment to excellence.

The Cyber Defense Team Lead is a key leadership role within our global Cyber Defense Operations function. This position leads our North American cyber defense team, supporting all businesses across the US and Canada while providing day‑to‑day guidance, technical oversight, and clear direction across incident response, security operations, and analyst development.

• Team Leadership and People Management. Lead and manage the North America Cyber Defense analysts, providing clear direction, coaching, and day‑to‑day support. Run regular 1:1s, development conversations, and performance reviews to build capability and maintain high standards. Foster a confident, collaborative team that delivers consistent operational results.
• Incident Response Leadership. Serve as Lead Responder for security incidents, providing calm, structured decision‑making under pressure. Lead post‑incident reviews, ensure lessons learned are captured, and coordinate closely with IT, Legal, Audit, and the DPO where required. Oversee the on‑call schedule and ensure high‑quality incident execution across the team.
• Security Operations and Technical Oversight. Act as the technical escalation point for analysts, providing guidance on complex investigations and ensuring high standards of analysis. Partner with our global MSSP to improve alerting, tuning, and automation, and drive continuous optimization across our security operations. Support alignment with UK and European teams to maintain consistency in processes and outcomes.
• Metrics, Reporting and Briefing. Own the North America contribution to the global Monthly Security Operations Brief, ensuring data is accurate, timely, and clearly explained. Work closely with international counterparts to ensure a consistent global view of cyber defense performance.
• NIST Cybersecurity Framework Progress. Support delivery of the organization’s NIST CSF targets. Track assigned actions, monitor progress, and ensure tasks are completed to the required standard. Coordinate remediation work across teams, remove blockers where possible, and provide clear, regular updates to leadership.
• Business Collaboration. Work closely with colleagues in the UK and France to ensure consistent processes and shared standards across global Cyber Defense Operations. Build strong working relationships with engineering, IT, HR, Legal, Audit, and other stakeholders to support smooth incident response and operational alignment. Represent the North America team in global discussions and help drive coordinated improvements across regions.

• Previous experience as a Cyber Security Analyst, either directly within a business or providing a service within an MSSP.
• Strong incident response background with clear evidence of sound judgment under pressure.
• Proven ability to lead, mentor or guide junior analysts in day‑to‑day investigations.
• Clear and concise written and verbal communication skills, with the ability to brief both technical and non‑technical audiences.
• Ability to act as the technical escalation point for the security analysts for complex cases and operational decisions.
• Experience with the Azure security stack (Defender, Sentinel, Purview) or comparable technologies such as AWS and other SIEM or SOAR at an advanced level.
• Ability to work effectively with an MSSP and drive tuning, quality, and workflow improvements.
• Strong analytical skills with the ability to produce actionable, insight‑driven recommendations.

• Experience with Azure Security, Microsoft Sentinel, or the broader Microsoft Defender ecosystem.
• Knowledge of Entra , Purview, or related cloud security and governance tools.
• Familiari…