Descripción del empleo
We are expanding our Global Corporate Information Security team and are looking for a Security Monitoring & Incident Response Product Owner (m/f/d) to establish and scale our global security operations.
The Security Monitoring & Incident Response Product Owner serves as the central orchestrator between internal SOC team members, the MSSP, technology teams, and the Head of Global SOC — ensuring that the SOC delivers reliable, high quality security monitoring and continuously improves its maturity, coverage, and effectiveness.
Location: Madrid city (hybrid model, requiring at least 40% of the working time on‑site).
Responsibilities
- Own the end‑to‑end operations of the global SOC, ensuring effective collaboration between internal analysts and the MSSP (L1/L2).
- Monitor, manage, and optimize processes, including alert triage, escalation flows, and incident response handovers.
- Ensure all services related to Security Monitoring and Incident Response perform against defined SLAs and KPIs, and drive actions when service quality deviates.
- Implement the SOC “product” roadmap related to Security Monitoring & Incident Response, including implementation of the strategic vision, backlog, and prioritization of improvements.
- Act as the primary liaison between the organization and the MSSP to deliver SOC services.
- Conduct recurring service governance meetings (operational and tactical).
- Track and validate MSSP deliverables, including detection operations, case handling quality, and runbook adherence.
- Coordinate improvements to MSSP workflows, communication channels, and response processes.
- Align with the internal incident response team to ensure seamless escalation.
- Support the refinement of incident response procedures, playbooks, and communication guidelines.
- Ensure major incidents are appropriately handled, documented, and followed by lessons learned sessions.
- Guide the continuous evolution of incident management maturity and readiness.
- Maintain alignment with internal security frameworks, standards, and regulatory requirements.
- Produce regular reports on operational performance, risks, coverage, and incident trends.
- Ensure processes, runbooks, service definitions, and operating procedures are consistently documented and kept up to date.
- Support audits, assessments, and readiness activities related to detection and response.
Qualifications
- Bachelor’s/Master’s in Cybersecurity, Computer Science, or related field.
- 7+ years of operational experience in SOC environments (L2/L3, threat hunting, incident response, service delivery, operational delivery).
- Exposure to global organizations and distributed security functions.
- Knowledge of modern security frameworks (MITRE ATT&CK, NIST CSF, ISO 27001).
- Experience implementing KPIs and running continual service improvement processes.
- Relevant certifications (e.g., CISSP, GCIH, CCSP, GCIA, GMON) are a plus, but not mandatory.
- Fluency in English (written and spoken).
- Willingness and ability to travel to Liebherr sites worldwide up to 10% of the time.
Benefits
- Competitive compensation and benefits package that recognizes your expertise.
- Flexible and hybrid working model.
- Creative freedom and responsibility to shape processes and solutions in our global transformation.
- Continuous learning and development with tailored training and certification opportunities.
- Meal vouchers.
- Life and accident insurance.
- Option to include a premium private health insurance package as part of the flexible remuneration.
- A safe, stable and international workplace within a trusted family business that invests in people.
Información extra
- Status
- Activa
- Estudios requeridos
- E.S.O
- Localización
- Madrid
- Tipo de contrato
- Tiempo completo
- Publicado el
- 05-07-2026
- Carnet de conducir
- No
- Vehículo
- No
- Carta de motivación
- No
Recibe ofertas similares en tu bandeja de entrada del correo electrónico
Indica debajo en que area estas buscando una función similar y no olvides poner tu correo electrónico.