Security Monitoring & Incident Response Product Owner (m/f/d)

We are expanding our Global Corporate Information Security team and are looking for a Security Monitoring & Incident Response Product Owner (m/f/d) to establish and scale our global security operations.

Creating passion: your responsibilities

SOC Operations & Service Management

• Own the end-to-end operations of the global SOC, ensuring effective collaboration between internal analysts and the MSSP (L1/L2).
• Monitor, manage, and optimize processes, including alert triage, escalation flows, and incident response handovers.
• Ensure all services related to Security Monitoring and Incident Response perform against defined SLAs and KPIs, and drive actions when service quality deviates.
• Implement the SOC "product" roadmap related to Security Monitoring & Incident Response, including implementation of the strategic vision, backlog, and prioritization of improvements.

Vendor & MSSP Management

• Act as the primary liaison between the organization and the MSSP to deliver SOC services.
• Conduct recurring service governance meetings (operational and tactical).
• Track and validate MSSP deliverables, including detection operations, case handling quality, and runbook adherence.
• Coordinate improvements to MSSP workflows, communication channels, and response processes.

Incident Response Alignment

• Align with the internal incident response team to ensure seamless escalation.
• Support the refinement of incident response procedures, playbooks, and communication guidelines.
• Ensure major incidents are appropriately handled, documented, and followed by lessons learned sessions.
• Guide the continuous evolution of incident management maturity and readiness.

Governance, Compliance & Documentation

• Maintain alignment with internal security frameworks, standards, and regulatory requirements.
• Produce regular reports on operational performance, risks, coverage, and incident trends.
• Ensure processes, runbooks, service definitions, and operating procedures are consistently documented and kept up to date.
• Support audits, assessments, and readiness activities related to detection and response.

Contributing your strengths: your qualifications

• Bachelor's/Master's in Cybersecurity, Computer Science, or related field.
• 7+ years of operational experience in SOC environments (L2/L3, threat hunting, incident response, service delivery, operational delivery).
• Exposure to global organizations and distributed security functions.
• Knowledge of modern security frameworks (MITRE ATT&CK, NIST CSF, ISO 27001).
• Experience implementing KPIs and running continual service improvement processes.
• Relevant certifications (e.g., CISSP, GCIH, CCSP, GCIA, GMON) are a plus, but not mandatory.
• Fluency in English (written and spoken).
• Willingness and ability to travel to Liebherr sites worldwide up to 10% of the time.

Our commitment to you: your benefits

• Competitive compensation and benefits package that recognizes your expertise.
• Flexible and hybrid working model.
• Creative freedom and responsibility to shape processes and solutions in our global transformation.
• Continuous learning and development with tailored training and certification opportunities.
• Meal vouchers.
• Life and accident insurance.
• Option to include a premium private health insurance package as part of the flexible remuneration.
• A safe, stable and international workplace within a trusted family business that invests in people.

Location

Liebherr IT Shared Service Centre Ibérica, S.L.

Parque Norte. Alamo building Serrano Galvache, 56

28033 Madrid

Spain (ES)