Job code
IRC295249
Published on 13 May 2026

Security Operations Center (SOC) Lead / Manager IRC295249

Function

IT Security

Experience

5-10 years

Location

Poland - Krakow

Skills

Security, SIEM (Security Information and Event Management)

Work Model

On-site

Description

The Security Operations Center (SOC) in Krakow is part of the global Cybersecurity Operations and Managed Security Services (MSSP) organization, responsible for delivering 24/7 security monitoring, threat detection, incident response, and continuous security operations support for enterprise customers across multiple regions.

The department provides centralized cybersecurity monitoring and operational support services, leveraging advanced security technologies, threat intelligence, SIEM, EDR/XDR, and automation platforms to detect, analyze, investigate, and respond to cybersecurity threats in real time.

The SOC team works closely with internal cybersecurity engineering teams, infrastructure teams, customers, and external partners to ensure effective protection of customer environments, continuous improvement of detection capabilities, and operational excellence.

We are looking for an experienced SOC Lead / SOC Manager to lead and scale Security Operations Center (SOC) services, ensuring high-quality security monitoring, incident detection, response, and continuous improvement of cybersecurity operations for enterprise customers. The role requires strong leadership, operational management, stakeholder communication, and hands-on experience in SOC environments.

Due to the nature of the job, the work model is onsite in Kraków.

Requirements

  • At least 5 years of experience in Security Operations Center (SOC), Cybersecurity Operations, Incident Response, or Managed Security Services
  • At least 2 years of experience in leading SOC teams or managing cybersecurity operations
  • Strong experience with SIEM, EDR/XDR, SOAR, Threat Intelligence, and Incident Management platforms
  • Hands-on experience managing enterprise security incidents and coordinating response activities
  • Experience working with geographically distributed teams and global customers
  • Proven experience managing stakeholders, customer communications, escalations, SLAs, KPIs, and operational reporting
  • Strong understanding of SOC processes, operational workflows, alert triage, incident response lifecycle, and security monitoring best practices
  • Experience in developing, optimizing, and maintaining SOC playbooks, runbooks, and standard operating procedures
  • Experience in onboarding new customers, log sources, and security use cases into SOC operations
  • Knowledge of MITRE ATT&CK, Cyber Kill Chain, threat hunting methodologies, and detection engineering practices
  • Experience working in 24/7 SOC environments and managing shift-based operations
  • Strong analytical, organizational, and problem-solving skills
  • Ability to work effectively in a fast-paced and high-pressure environment
  • Excellent communication and stakeholder management skills
  • Strong English communication skills (written and verbal)

Preferred Certifications

  • CISSP, CISM, GCIA, GCIH, GMON, or equivalent cybersecurity certifications
  • ITIL Foundation certification is a plus
  • PMP, PRINCE2, Agile, or equivalent project/service management certifications are considered an advantage

Must-Have Skills

  • SOC Operations Management
  • Customer & Stakeholder Management
  • Team Leadership & People Management
  • SOC Process Optimization
  • Pre-sales experience
  • Incident Response & Major Incident Handling
  • Knowledge of different SIEM platforms (Microsoft Sentinel, Splunk, etc.)
  • Security Monitoring & Threat Detection
  • SLA/KPI Management & Operational Reporting
  • Security Incident Triage & Escalation Management
  • Playbook / Runbook Development

Nice-to-Have Skills

  • Knowledge of different EDR/XDR solutions (CrowdStrike, Defender, SentinelOne)
  • Understanding of SOAR automation
  • Understanding of detection engineering
  • Threat Intelligence Platforms
  • Service Delivery Management experience
  • Threat Hunting & Detection Use Case Management

Job responsibilities

  • Take full ownership of SOC operations, ensuring stable, effective, and high-quality delivery of security monitoring and incident response services
  • Lead and manage SOC teams, including Security Analysts (L1/L2/L3), Incident Responders, Solution and Detection Engineers
  • Actively participate in recruitment activities, onboarding, mentoring, training, and knowledge transfer for SOC personnel
  • Ensure uninterrupted 24/7 SOC operations, coordinating with internal technical teams, external vendors, and customer stakeholders
  • Develop and maintain SOC operational processes, procedures, playbooks, and incident response runbooks
  • Continuously improve SOC operational efficiency through automation, workflow optimization, and process standardization
  • Define, track, and report SOC operational metrics and KPIs, including MTTD, MTTR, SLA compliance, incident trends, alert quality, and analyst performance
  • Manage escalations and major security incidents, ensuring timely resolution and effective communication with stakeholders
  • Drive onboarding of new customers, log sources, integrations, detection use cases, and security technologies into SOC services
  • Conduct regular operational reviews and identify opportunities for service improvement and optimization
  • Participate in customer meetings, governance calls, service reviews, and executive reporting
  • Support pre-sales activities, including customer presentations, SOC capability demonstrations, RFP responses, and solution discussions
  • Contribute to the development and expansion of SOC services and cybersecurity offerings
  • Ensure SOC operations align with industry best practices, compliance requirements, and internal security standards
  • Foster a strong security culture, continuous learning, and operational excellence within the SOC team

What we offer

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.
