S2 Team Lead (Manager) — Networks, Security & Escalations

Role Purpose

Why S2 Exists

S2 exists to protect client operations by owning the “hard problems”:

• Escalations from S1
  
• Networking reliability and performance
  
• Cybersecurity controls and continuous risk reduction
  
• Complex incident response and prevention
  
• Standards that scale across the client base
  

You make S2 predictable, measurable, and calm — even when production is on fire.

90-Day Mission

Definition of Done

By Day 90, S2 is running like a machine:

• Clear escalation rules, fast triage, and repeatable fixes
  
• Monitoring/alert discipline with reduced noise and faster action
  
• Network/security standards applied consistently
  
• Root-cause reduction: fewer repeat incidents, fewer recurring tickets
  
• Scoreboards visible weekly, with accurate BU reporting
  
• Engineers accountable, trained, and shipping quality work
  

Primary Outcomes

What Success Looks Like

Operational

• Reduced repeat escalations and “same-issue” tickets
  
• Faster resolution on high-severity incidents
  
• Stable client networks (uptime, performance, fewer outages)
  
• Security posture improving across clients (coverage + controls)
  

Leadership

• Clear role ownership inside S2
  
• Strong daily/weekly rhythms (triage, prioritisation, reviews)
  
• Coaching and upskilling happening continuously
  
• SOP discipline is real (not optional)
  

Commercial

• S2 projects scoped cleanly, delivered profitably, and documented
  
• BU Sales Consultant supported with accurate scope/BOM and commercial clarity
  
• Work is invoiced cleanly through the BU commercial process (no revenue leakage)
  

Key Responsibilities

Escalations Leadership (Core)

• Own the S1→S2 escalation pathway (definitions, priorities, exit criteria)
  
• Ensure triage happens quickly with clear comms and next steps
  
• Drive incident resolution to completion (not “workarounds” only)
  
• Implement preventive measures to reduce repeat escalations
  
• Maintain escalation SOPs and train S1 on what “good escalation” looks like
  

Networking Operations (Core)

• Own client network standards: switching, routing, Wi-Fi, firewall config standards
  
• Ensure documentation and diagrams are current and usable
  
• Improve stability and performance through proactive maintenance
  
• Implement change control for network changes (risk management)
  

Security Operations (Core)

• Own baseline security controls and continuous improvements
  
• Ensure patching, vulnerability remediation, endpoint standards and identity/access basics are enforced (as per your stack)
  
• Lead incident response for security events (containment, remediation, reporting)
  
• Create and maintain security runbooks and client security improvement roadmaps
  

Monitoring, Alerting and Response Discipline

• Ensure monitoring is meaningful (reduce alert noise, increase signal)
  
• Define response rules: who acts, when, and how
  
• Track MTTA/MTTR and improvements over time
  

Projects and Delivery Management (with S3 and BU Sales Consultant)

• Produce clean technical scope, BOMs, and project plans
  
• Ensure delivery quality, sign-off, and handover documentation
  
• Prevent scope creep and uncontrolled “free work”
  
• Coordinate with S3 where cloud/automation overlaps
  

People Leadership and Performance

• Set clear roles and expectations for S2 engineers
  
• Weekly 1:1s and skill development plans
  
• Run peer reviews and post-incident reviews
  
• Hire/interview input where needed
  

SOP and Quality Enforcement (Non-Negotiable)

• Build/maintain S2 SOPs: escalation, network changes, firewall rules, incident response, documentation standards, handovers
  
• Audit compliance and correct behaviour fast
  
• “Stop-the-line” rule: unclear scope = clarify before executing
  

KPIs / Scorecard

Weekly + Monthly

Operational Metrics

• Escalations received vs resolved (weekly)
  
• Repeat escalation rate (same client/same root cause)
  
• MTTA (mean time to acknowledge) for critical incidents
  
• MTTR (mean time to resolve) for critical incidents
  
• Network incident count and downtime minutes (where measurable)
  
• Change failure rate (changes that cause incidents)
  

Security Metrics

• High-risk findings opened vs remediated
  
• Patch compliance / remediation SLA adherence
  
• Security incidents: count, severity, containment time
  
• MFA/identity control coverage (where applicable)
  

Quality & Compliance

• Documentation completeness score (diagrams, configs, passwords/secure vault references, runbooks)
  
• SOP compliance audit score
  
• Ticket quality (notes, root cause, resolution steps)
  

Commercial / Delivery

• Project delivery on time/on scope
  
• Rework rate
  
• Scope/BOM handoff quality to BU Sales Consultant
  
• Revenue leakage incidents (missed billables due to poor handoffs) — target: zero
  

Non-Negotiables

Behavioural Rules

• Calm and decisive under pressure
  
• Documentation is part of the job, not a “nice to have”
  
• No hero culture: systems beat legends
  
• Strong handoffs and cross-BU collaboration
  
• SOP compliance is enforced, not suggested
  

30 / 60 / 90-Day Plan

Operational, Decentralised Command Aligned

Days 0–30: Stabilise and Create the Operating System

• Audit current S2 load: top 20 recurring escalations + top 10 client risks
  
• Define escalation entry criteria + minimum info required from S1
  
• Implement weekly S2 scoreboard and review cadence
  
• Create/update top 10 SOPs (escalation, firewall change, incident response, documentation standard)
  
• Start post-incident reviews for critical events
  
• Quick wins: reduce alert noise, fix the loudest repeat problem
  

Deliverables by Day 30

• S2 escalation SOP + S1 escalation checklist
  
• Scoreboard live weekly
  
• Documentation baseline standard published
  
• First reduction in repeat escalations trend
  

Days 31–60: Improve Quality, Speed, and Standards

• Establish standard network/security baselines across clients (phased)
  
• Introduce change control discipline for risky changes
  
• Start skills development plans for S2 team members
  
• Improve MTTR by tightening triage, comms, and ownership
  
• Build a prevention backlog (root-cause fixes prioritised by impact)
  

Deliverables by Day 60

• Visible reduction in repeat escalations
  
• Network/security baseline rollouts started (tracked)
  
• Monitoring/alert response rules formalised
  

Days 61–90: Scale Predictability and Commercial Impact

• Mature incident response and post-incident learning loop
  
• Reduce reactive load through prevention work
  
• Tighten project handoffs to BU Sales Consultant (scope/BOM quality)
  
• Ensure billing capture discipline: no work without traceable scope and handover
  
• Create S2 “playbook” for recurring scenarios
  

Deliverables by Day 90

• S2 runs predictably with measurable improvements
  
• Prevention engine operating (fewer repeats)
  
• BU reporting reliable enough for forecasting and planning
  

Benefits

Earning Potential

Your income should grow when your performance drives stability, security, and operational excellence.

This is a leadership role where your impact on uptime, risk reduction, and delivery quality directly contributes to business performance.

This is how we do that at Ello:

• Competitive, market-related salary aligned to leadership level
  
• A role built around ownership, performance, and measurable outcomes
  
• Opportunity to increase your value as your operational impact grows
  

Performance Recognition

Not just activity. Leadership, accountability, and real operational results.

At Ello Technology, we value leaders who reduce chaos, build systems, and create predictable outcomes.

This is how we do that at Ello:

• We recognise strong technical leadership and decision-making under pressure
  
• We value consistency, discipline, and execution
  
• We reward improvements in uptime, stability, and team performance
  
• We make meaningful contributions visible and appreciated
  

Career Growth

This should feel like a step into serious technical and operational leadership.

We are looking for someone who wants to grow into broader responsibility across infrastructure, security, and operations.

This is how we do that at Ello:

• Exposure to cross-BU technical leadership and strategic decision-making
  
• Opportunity to grow into senior operations or architecture leadership roles
  
• Increasing ownership as systems mature and performance is proven
  
• A performance-led environment where strong leaders can rise
  

Coaching and Development

Good engineers solve problems. Great leaders build systems, teams, and standards.

This role gives you the opportunity to grow beyond technical execution into leadership and operational excellence.

This is how we do that at Ello:

• Hands-on leadership experience with a high-impact technical team
  
• Exposure to performance systems, scorecards, and operational structure
  
• Continuous learning through real-world incident response and improvement
  
• Feedback that is direct, practical, and designed to help you lead better
  

Meaningful Work and Culture

High standards. Strong support. Real impact.

At Ello Technology, S2 is responsible for the most critical client environments. Your work directly affects uptime, security, and business continuity.

This is how we do that at Ello:

• You protect and improve real business operations
  
• You reduce risk and build stronger client environments
  
• You operate in a driven, ambitious environment where standards matter
  
• You help create a business that is stable, scalable, and trusted