Security Operations Leader (SOC)
Job Summary
We are looking for a Security Operations Leader (SOC) to join our team at our offices in Terrassa (Barcelona). The role oversees the design, operation and continuous improvement of security monitoring, detection, triage and incident response (IR) across an internal SOC, a Managed Security Service Provider (MSSP) / MDR model, or a hybrid of both. The SOC Leader ensures that threats are detected early, that investigations are timely and effective, and that incidents are contained and remediated with minimal business impact. The role aligns SOC operations with enterprise risk, regulatory requirements and the security strategy defined by the CISO.
Key Responsibilities
Strategy & Governance
Develop and own the SOC operating model (internal, external or hybrid), aligned to the enterprise cyber risk appetite and the CISO strategy.
Define and maintain SOC policies, playbooks, runbooks and standard operating procedures (SOPs).
Establish a detection and response strategy across the kill chain / attack lifecycle, mapped to frameworks (e.g. MITRE ATT&CK, NIST CSF, ISO 27001).
Maintain a risk-based, threat-informed defense program, including threat modeling and purple teaming cycles.
Operations & Incident Response
Lead end-to-end incident response: detection, triage, investigation, containment, eradication, recovery and lessons learned.
Oversee alert quality, triage workflows, case management and shift handoffs for 24x7 coverage.
Ensure high-fidelity detections and reduce noise through SIEM/SOAR tuning, use case management and threat intel enrichment.
Chair post-incident reviews and drive corrective actions with owners across IT, Cloud, AppSec, Identity and OT.
Coordinate executive communications during major incidents and provide timely updates to the CISO and relevant stakeholders.
Internal SOC Management (if in-sourced)
Build and lead a high-performing SOC team (Tier 1-3 Analysts, IR handlers, Threat Hunters, SIEM/SOAR Engineers).
Own workforce planning, scheduling, training, mentoring and career development.
Drive the engineering backlog and continuous improvement (detection engineering, automation, log onboarding).
Ensure secure, reliable and cost-effective SOC tooling and data pipelines (e.g. SIEM, EDR/XDR, NDR, IAM signals, cloud telemetry).
External SOC / MSSP Management (if out-sourced)
Own vendor selection, onboarding, contract/SLA/OLA definitions and quarterly business reviews (QBRs).
Manage day-to-day provider performance, service quality, escalation paths and continuous service improvement plans (CSIPs).
Validate the provider's detections, playbooks, threat intel sources and incident handling quality.
Ensure data residency, privacy and audit requirements are met; coordinate evidence collection and chain of custody.
Collaboration & Stakeholder Management
Partner with IT Operations, Cloud, DevOps, Network, Endpoint, Identity and OT/IIoT teams for rapid response and remediation.
Collaborate with Threat Intelligence, Red/Purple Teams and Vulnerability Management to align detections with evolving threats and attack paths.
Enable business units with playbooks, tabletop exercises and awareness of escalation criteria and incident roles.
Risk, Compliance & Audit
Ensure SOC controls support compliance requirements (e.g. ISO 27001, NIST 800-53, GDPR, NIS2, as applicable).
Maintain audit-ready evidence for monitoring, alerting, IR processes and SLAs/OLAs.
Lead SOC self-assessments, maturity roadmaps (e.g. based on MITRE SOC Evaluations / NIST CSF maturity) and external audits.
Metrics, Reporting & Communication
Define and report SOC KPIs/KRIs to the CISO and governance forums; drive data-driven improvements.
Provide executive-ready dashboards and incident summaries including business impact and time-to-recover.
Produce threat trend analyses and quarterly posture reports with investment recommendations.
Key Responsibilities by Model
Internal SOC (In-sourced)
Recruit, retain and upskill analysts and engineers; build tiering and career paths.
Own the backlog for detections, automations and enrichment pipelines; manage change and release for SOC content.
Operate shift schedules (24x7, follow-the-sun or on-call) and ensure resilient coverage.
External SOC (Outsourced/MSSP/MDR)
Define interfaces (RACI/RAAS), escalation matrices and evidence requirements.
Validate detections with realistic attack simulations and joint exercises.
Monitor and enforce SLAs/OLAs; ensure contractual alignment with risk posture and compliance needs.
Leadership Competencies
Decision-making under pressure: Calm structured incident leadership.
Strategic thinking: Aligns SOC investments with business risk and measurable outcomes.
People leadership: Develops talent and builds an inclusive, high-performance culture.
Influence & communication: Trusted advisor to the CISO and executive stakeholders.
Continuous improvement: Data-driven mindset; automates relentlessly.
Reporting & Escalation
Reports directly to the CISO; serves as primary incident commander for significant security events.
Provides weekly operational summaries, monthly KPI dashboards and quarterly executive reviews.
Immediate escalation for potential material/business-impacting incidents per policy.
Qualifications:
Required qualifications:
8-12 years in cybersecurity, with 4 years leading SOC operations or Incident Response teams (internal or MSSP).
Hands-on expertise with SIEM (e.g. Microsoft Sentinel), EDR/XDR (e.g. Defender for Endpoint), SOAR, NDR and cloud telemetry (Azure/M365, AWS, GCP).
Strong knowledge of modern attacker TTPs (MITRE ATT&CK), detection engineering, the use-case lifecycle and automation with SOAR.
Proven track record managing critical incidents and executive communications.
Experience with vendor management, contract/SLA governance and service reviews (for external SOC models).
Familiarity with regulatory and audit frameworks (NIST, ISO 27001, etc.).
Excellent leadership, coaching and cross-functional collaboration skills.
Strong written and verbal communication, capable of translating technical detail into business risk and impact.
Preferred qualifications:
Certifications: CISSP, CISM, GIAC (GCIA, GCED, GCIH, GCFA/GCFR, GMON), Microsoft SC-200/SC-100, Azure/AWS security certifications.
Experience with threat hunting, offensive security or purple teaming.
Background in large-scale log onboarding, data normalization, content engineering and cost-optimized telemetry strategies.
Experience in OT/ICS security (if relevant to the business).
Exposure to data privacy and eDiscovery needs during investigations.
High level of English, both written and spoken.
Fluency in Spanish and German is a plus.
Additional Information
Availability to travel (approximately 10-20%) when required (HQ in Germany).
Valid driving license and own vehicle.
For Syntegon and its subsidiaries, diversity is a key concern. We promote an environment in which all employees, regardless of gender, age, origin, religion, sexual orientation, gender identity or special needs, are treated equitably. If this job posting uses only the masculine form, it is for readability and refers to individuals of all genders.
Remote Work :
No
Employment Type :
Full-time
About Company
Together with 6,300 colleagues worldwide, we are the strategic partner of the pharmaceutical and food industries for process and packaging technology. With smooth processes, innovative technologies and sustainable solutions, we help our customers achieve their goals.