pracaon.pl

Security Operations Center (SOC) Lead / Manager IRC295249

Kraków, Polska
Salary to be agreed
Full-time • Hybrid • IT & Telecommunications

Key offer highlights

  • Min. 5 years of experience

  • Hybrid model - partly remote

  • Full-time

Description

The Security Operations Center (SOC) in Krakow is part of the global Cybersecurity Operations and Managed Security Services (MSSP) organization, responsible for delivering 24/7 security monitoring, threat detection, incident response, and continuous security operations support for enterprise customers across multiple regions.

The department provides centralized cybersecurity monitoring and operational support services, leveraging advanced security technologies, threat intelligence, SIEM, EDR/XDR, and automation platforms to detect, analyze, investigate, and respond to cybersecurity threats in real time. The SOC team works closely with internal cybersecurity engineering teams, infrastructure teams, customers, and external partners to ensure effective protection of customer environments, continuous improvement of detection capabilities, and operational excellence.

We are looking for an experienced SOC Lead / SOC Manager to lead and scale Security Operations Center (SOC) services, ensuring high-quality security monitoring, incident detection, response, and continuous improvement of cybersecurity operations for enterprise customers. The role requires strong leadership, operational management, stakeholder communication, and hands-on experience in SOC environments.

Due to the nature of the job, the work model is hybrid in Kraków.

Skills

  • Security

  • SIEM (Security Information and Event Management)

About GlobalLogic

  • GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.

What we offer

  • Empowering Projects: With 500+ clients spanning diverse industries and domains, we provide an exciting opportunity to contribute to groundbreaking projects that leverage cutting-edge technologies. As a team, we engineer digital products that positively impact people’s lives.

  • Empowering Growth: We foster a culture of continuous learning and professional development. Our dedication is to provide timely and comprehensive assistance for every consultant through our dedicated Learning & Development team, ensuring their continuous growth and success.

  • DE&I Matters: At GlobalLogic, we deeply value and embrace diversity. We are dedicated to providing equal opportunities for all individuals, fostering an inclusive and empowering work environment.

  • Career Development: Our corporate culture places a strong emphasis on career development, offering abundant opportunities for growth. Regular interactions with our teams ensure their engagement, motivation, and recognition. We empower our team members to pursue their career goals with confidence and enthusiasm.

  • Comprehensive Benefits: In addition to equitable compensation, we provide a comprehensive benefits package that prioritizes the overall well-being of our consultants. We genuinely care about their health and strive to create a positive work environment.

  • Flexible Opportunities: At GlobalLogic, we prioritize work-life balance by offering flexible opportunities tailored to your lifestyle. Explore relocation and rotation options for diverse cultural and professional experiences in different countries with our company.

Experience

  • 5-10 years

Requirements

  • Minimum 5 years of experience in Security Operations Center (SOC), Cybersecurity Operations, Incident Response, or Managed Security Services

  • Minimum 2 years of experience in leading SOC teams or managing cybersecurity operations

  • Strong experience with SIEM, EDR/XDR, SOAR, Threat Intelligence, and Incident Management platforms

  • Hands-on experience managing enterprise security incidents and coordinating response activities

  • Experience working with geographically distributed teams and global customers

  • Proven experience managing stakeholders, customer communications, escalations, SLAs, KPIs, and operational reporting

  • Strong understanding of SOC processes, operational workflows, alert triage, incident response lifecycle, and security monitoring best practices

  • Experience in developing, optimizing, and maintaining SOC playbooks, runbooks, and standard operating procedures

  • Experience in onboarding new customers, log sources, and security use cases into SOC operations

  • Knowledge of MITRE ATT&CK, Cyber Kill Chain, threat hunting methodologies, and detection engineering practices

  • Experience working in 24/7 SOC environments and managing shift-based operations

  • Strong analytical, organizational, and problem-solving skills

  • Ability to work effectively in a fast-paced and high-pressure environment

  • Excellent communication and stakeholder management skills

  • Strong English communication skills (written and verbal)

Preferred Certifications

  • CISSP, CISM, GCIA, GCIH, GMON, or equivalent cybersecurity certifications

  • ITIL Foundation certification is a plus

  • PMP, PRINCE2, Agile, or equivalent project/service management certifications are considered an advantage

Must-Have Skills

  • SOC Operations Management

  • Customer & Stakeholder Management

  • Team Leadership & People Management

  • SOC Process Optimization

  • Pre-sales experience

  • Incident Response & Major Incident Handling

  • Knowledge of different SIEM platforms (Microsoft Sentinel, Splunk, etc.)

  • Security Monitoring & Threat Detection

  • SLA/KPI Management & Operational Reporting

  • Security Incident Triage & Escalation Management

  • Playbook / Runbook Development

Nice-to-Have Skills

  • Knowledge of different EDR/XDR solutions (CrowdStrike, Defender, SentinelOne)

  • Understanding of SOAR automation

  • Understanding of Detection Engineering

  • Threat Intelligence Platforms

  • Service Delivery Management experience

  • Threat Hunting & Detection Use Case Management

Job responsibilities

  • Take full ownership of SOC operations, ensuring stable, effective, and high-quality delivery of security monitoring and incident response services

  • Lead and manage SOC teams, including Security Analysts (L1/L2/L3), Incident Responders, Solution and Detection Engineers

  • Actively participate in recruitment activities, onboarding, mentoring, training, and knowledge transfer for SOC personnel

  • Ensure uninterrupted 24/7 SOC operations, coordinating with internal technical teams, external vendors, and customer stakeholders

  • Develop and maintain SOC operational processes, procedures, playbooks, and incident response runbooks

  • Continuously improve SOC operational efficiency through automation, workflow optimization, and process standardization

  • Define, track, and report SOC operational metrics and KPIs, including MTTD, MTTR, SLA compliance, incident trends, alert quality, and analyst performance

  • Manage escalations and major security incidents, ensuring timely resolution and effective communication with stakeholders

  • Drive onboarding of new customers, log sources, integrations, detection use cases, and security technologies into SOC services

  • Conduct regular operational reviews and identify opportunities for service improvement and optimization

  • Participate in customer meetings, governance calls, service reviews, and executive reporting

  • Support pre-sales activities, including customer presentations, SOC capability demonstrations, RFP responses, and solution discussions

  • Contribute to the development and expansion of SOC services and cybersecurity offerings

  • Ensure SOC operations align with industry best practices, compliance requirements, and internal security standards

  • Foster a strong security culture, continuous learning, and operational excellence within the SOC team

This offer was imported from an external portal.