II. Role overview
Reference · liverole:blue-team-lead
Blue Team Lead overview
Leads defensive security operations — detection engineering, incident response playbooks, security monitoring tuning, and defensive infrastructure improvements based on red team findings.
Attributes
displayName: Blue Team Lead
isAgentic: false
requiredCapabilities: []
requiredDomains: []
description: Leads defensive security operations — detection engineering, incident response playbooks, security monitoring tuning, and defensive infrastructure improvements based on red team findings.
Outgoing edges
applies_to (1)
- domain:cybersecurity · Domain · Cybersecurity
holds_responsibility (2)
- responsibility:security-incident-triage · Responsibility · Security incident triage
- responsibility:incident-response · Responsibility
requires_expertise (3)
- skill-area:security-monitoring-siem · SkillArea · Security Monitoring and SIEM
- skill-area:threat-detection · SkillArea · Threat Detection
- skill-area:incident-response · SkillArea · Incident Response
Incoming edges
held_by (1)
- responsibility:security-incident-triage · Responsibility · Security incident triage
involves_role (1)
- workflow:security-incident-response · Workflow · Security Incident Response