The SOC Specialist (m/f/d) is responsible for the design, maintenance, and enhancement of Security Operations Center (SOC) infrastructure and processes. They work closely with incident responders, analysts, and threat intelligence teams to optimize detection capabilities, improve SOC workflows, and ensure rapid incident triage and response.
The working location for this position will be in Madrid city, where we are currently setting up a new office.
Creating passion: your responsibilities
Use Case Development: Design and test new security use cases to enhance the detection and response capabilities of Liebherr's SIEM system
Log Source Onboarding: Onboard and integrate various log sources into the SIEM system, ensuring comprehensive visibility across the organization's IT environment
SOAR Playbook Implementation: Design, implement, and maintain SOAR playbooks to automate incident response processes and improve operational efficiency
System Optimization: Continuously evaluate and optimize the performance of the SIEM and SOAR systems to ensure they meet the evolving security needs of the organization. Also optimize costs in regards to Log sources and their retention
Threat Detection Engineering: Design and implement advanced detection techniques and perform threat hunting as well as lead tuning exercises and detection gap analysis
Collaboration: Work closely with the SOC team and other IT departments to ensure seamless integration of security tools and processes
Documentation: Maintain thorough documentation of use cases, log source configurations, and SOAR playbooks for future reference and compliance purposes
Note that this role requires time on-call every 6 to 8 weeks.
Contributing your strengths: your qualifications
Bachelor's/Master's in Cybersecurity, Computer Science, or related field
3+ years in cybersecurity, ideally as SOC-Engineer
Hands‐on knowledge of SIEM, and security analytics tools (e.g. Microsoft Sentinel, Microsoft Defender XDR, Elastic SIEM)
Familiarity with SOAR platforms and automation processes (especially Microsoft Logic Apps, Microsoft Sentinel Automations)
Experience in security log source onboarding & automation of security tasks
Proficiency in scripting and programming languages (e.g. Python, PowerShell) for automation tasks
English is a Must, German and French are a plus
Understanding of cybersecurity frameworks and standards (e.g. ISO27001, NIST, GDPR)
Strong analytical, problem‐solving skills and communication skills
Following certificates are a plus: GIAC Python Coder (GPYC), GIAC Cloud Security Automation (GCSA), GIAC Security Operations Certified (GSOC), Cloud certifications (AWS, Azure, or GCP)
Our commitment to you: your benefits
Competitive compensation and benefits package that recognizes your expertise
Flexible and hybrid working model
Creative freedom and responsibility to shape processes and solutions in our global transformation
Continuous learning and development with tailored training and certification opportunities
Meal vouchers
Life and accident insurance
Option to include a premium private health insurance package as part of the flexible remuneration
A safe, stable and international workplace within a trusted family business that invests in people
Please only use the online application option.
Please note that we do not accept applications via recruitment agencies for this position.
Have we awoken your interest? Then we look forward to receiving your online application. If you have any questions, please contact Karoliina Rissanen.
One Passion. Many Opportunities.
The CompanyLiebherr is a family-run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high-quality, user‐oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents.
LocationLiebherr IT Shared Service Centre Ibérica, S.L.MadridSpain (ES)
ContactKaroliina Rissanenkaroliina.rissanen@liebherr.com
#J-18808-Ljbffr