Descripción del empleo
We are expanding our General Corporate Information Security team and are looking for a Security Monitoring & Incident Response Product Owner (m/f/d) to establish and scale our global security operations.
The Security Monitoring & Incident Response Product Owner is responsible for driving operational excellence, implementing the strategic evolution, and ensuring the service quality of our global Security Operations Center (SOC).
The Security Monitoring & Incident Response Product Owner serves as the central orchestrator between internal SOC team members, the MSSP, technology teams, and the Head of Global SOC – ensuring that the SOC delivers reliable, high‑quality security monitoring and continuously improves its maturity, coverage, and effectiveness.
The working location for this position will be in Madrid city, where we operate a hybrid model, requiring at least 40% of the working time on site.
Responsibilities
-
SOC Operations & Service Management
- Own the end‑to‑end operations of the global SOC, ensuring effective collaboration between internal analysts and the MSSP (L1/L2).
- Monitor, manage, and optimize processes, including alert triage, escalation flows, and incident response handovers.
- Ensure all services related to Security Monitoring and Incident Response perform against defined SLAs and KPIs, and drive actions when service quality deviates.
- Implement the SOC "product" roadmap related to Security Monitoring & Incident Response, including implementation of the strategic vision, backlog, and prioritization of improvements.
-
Vendor & MSSP Management
- Act as the primary liaison between the organization and the MSSP to deliver SOC services.
- Conduct recurring service governance meetings (operational and tactical).
- Track and validate MSSP deliverables, including detection operations, case handling quality, and runbook adherence.
- Coordinate improvements to MSSP workflows, communication channels, and response processes.
-
Incident Response Alignment
- Align with the internal incident response team to ensure seamless escalation.
- Support the refinement of incident response procedures, playbooks, and communication guidelines.
- Ensure major incidents are appropriately handled, documented, and followed by lessons learned sessions.
- Guide the continuous evolution of incident management maturity and readiness.
-
Governance, Compliance & Documentation
- Maintain alignment with internal security frameworks, standards, and regulatory requirements.
- Produce regular reports on operational performance, risks, coverage, and incident trends.
- Ensure processes, runbooks, service definitions, and operating procedures are consistently documented and kept up to date.
- Support audits, assessments, and readiness activities related to detection and response.
Qualifications
- Bachelor's/Master's in Cybersecurity, Computer Science, or related field.
- 7+ years of operational experience in SOC environments (L2/L3, threat hunting, incident response, service delivery, operational delivery).
- Exposure to global organizations and distributed security functions.
- Knowledge of modern security frameworks (MITRE ATT&CK, NIST CSF, ISO *****).
- Experience implementing KPIs and running continual service improvement processes.
- Relevant certifications (e.g., CISSP, GCIH, CCSP, GCIA, GMON) are a plus, but not mandatory.
- Fluency in English (written and spoken).
- Willingness and ability to travel to Liebherr sites worldwide up to 10% of the time.
Benefits
- Competitive compensation and benefits package that recognizes your expertise.
- Flexible and hybrid working model.
- Creative freedom and responsibility to shape processes and solutions in our general transformation.
- Continuous learning and development with tailored training and certification opportunities.
- Meal vouchers.
- Life and accident insurance.
- Option to include a premium private health insurance package as part of the flexible remuneration.
Location
Liebherr IT Shared Service Centre Ibérica, S.L.
Parque Norte, Alamo building Serrano Galvache, 56
***** Madrid, Spain (ES)
Contact
Karoliina Rissanen
Información extra
- Status
- Activa
- Estudios requeridos
- E.S.O
- Localización
- Madrid
- Tipo de contrato
- Tiempo completo
- Publicado el
- 05-07-2026
- Carnet de conducir
- No
- Vehículo
- No
- Carta de motivación
- No
Recibe ofertas similares en tu bandeja de entrada del correo electrónico
Indica debajo en que area estas buscando una función similar y no olvides poner tu correo electrónico.