We are expanding our Global Corporate Information Security team and are looking for a Security Monitoring & Incident Response Product Owner (m/f/d) to establish and scale our global security operations.
The Security Monitoring & Incident Response Product Owner is responsible for driving the operational excellence, implementing the strategic evolution, and service quality of our integral Security Operations Center (SOC). The Security Monitoring & Incident Response Product Owner serves as the central orchestrator between internal SOC team members, the MSSP, technology teams, and the Head of Global SOC - ensuring that the SOC delivers reliable, high quality security monitoring and continuously improves its maturity, coverage, and effectiveness.
The working location for this position will be in Madrid city, where we operate a hybrid model, requiring at least 40% of the working time on-site.
Creating passion: your responsibilities
SOC Operations & Service Management
- Own the end-to-end operations of the global SOC, ensuring effective collaboration between internal analysts and the MSSP (L1/L2).
- Monitor, manage, and optimize processes, including alert triage, escalation flows, and incident response handovers.
- Ensure all services related to Security Monitoring and Incident Response to perform against defined SLAs and KPIs, and drive actions when service quality deviates.
- Implement the SOC \"product\" roadmap related to Security Monitoring & Incident Response, including implementation of the strategic vision, backlog, and prioritization of improvements.
Vendor & MSSP Management
- Act as the primary liaison between the organization and the MSSP to deliver SOC services.
- Conduct recurring service governance meetings (operational and tactical).
- Track and validate MSSP deliverables, including detection operations, case handling quality, and runbook adherence.
- Coordinate improvements to MSSP workflows, communication channels, and response processes.
Incident Response Alignment
- Align with the internal incident response team to ensure seamless escalation.
- Support the refinement of incident response procedures, playbooks, and communication guidelines.
- Ensure major incidents are appropriately handled, documented, and followed by lessons learned sessions.
- Guide the continuous evolution of incident management maturity and readiness.
Governance, Compliance & Documentation
- Maintain alignment with internal security frameworks, standards, and regulatory requirements.
- Produce regular reports on operational performance, risks, coverage, and incident trends.
- Ensure processes, runbooks, service definitions, and operating procedures are consistently documented and kept up to date.
- Support audits, assessments, and readiness activities related to detection and response.
Contributing your strengths: your qualifications
- Bachelor's/Master's in Cybersecurity, Computer Science, or related field.
- 7+ years of operational experience in SOC environments (L2/L3, threat hunting, incident response, service delivery, operational delivery).
- Exposure to general organizations and distributed security functions.
- Knowledge of modern security frameworks (MITRE ATT&CK;, NIST CSF, ISO 27001).
- Experience implementing KPIs and running continual service improvement processes.
- Relevant certifications (e.g., CISSP, GCIH, CCSP, GCIA, GMON) are a plus, but not mandatory.
- Fluency in English (written and spoken).
- Willingness and ability to travel to Liebherr sites worldwide up to 10% of the time.
Our commitment to you: your benefits
- Competitive compensation and benefits package that recognizes your expertise.
- Flexible and hybrid working model.
- Creative freedom and responsibility to shape processes and solutions in our global transformation.
- Continuous learning and development with tailored training and certification opportunities.
- Meal vouchers.
- Life and accident insurance.
- Option to include a premium private health insurance package as part of the flexible remuneration.
- A safe, stable and international workplace within a trusted family business that invests in people.
Location
Liebherr IT Shared Service Centre Ibérica, S.L.
Parque Norte. Alamo building Serrano Galvache, 56
28033 Madrid
Spain (ES)
Contact
Karoliina Rissanen
#J-18808-Ljbffr