SOC Team Lead / SOC Manager in Poland

Security

Rondo Daszyńskiego, 1, Warszawa +1 Location

Andersen

Full-time
Permanent
Senior
Office

Job description

Andersen is hiring a SOC Team Lead / SOC Manager in Poland to build and lead a Security Operations Center, defining processes, tools, and workflows to ensure effective security monitoring and incident response. 

 

Andersen is a pre-IPO software development company that provides a full cycle of services, following project management standards and best practices. For over 19 years, we have been helping enterprises and middle-sized firms transform their businesses by creating effective digital solutions using innovative technologies. 

 

The project is focused on building and leading a Security Operations Center from scratch, including designing SOC processes, tools, and workflows to ensure effective monitoring, detection, and response to security incidents. 

 

Responsibilities: 

  • Hiring and building a team of SOC Analysts (L1, L2, L3) from the ground up. 

  • Leading and managing the SOC team and ensuring 24/7 operations. 

  • Owning shift planning, SOC procedures, playbooks, and escalation protocols. 

  • Acting as point of escalation for complex security incidents and investigations. 

  • Defining and monitoring SOC KPIs and metrics (MTTD, MTTR, SLA compliance). 

  • Collaborating with Threat Intelligence, Incident Response, IT and Cloud teams. 

  • Driving tuning and improvements across SIEM, EDR/XDR, SOAR platforms. 

  • Ensuring compliance with regulatory frameworks (ISO 27001, NIS2, etc.). 

  • Helping with onboarding and continuous training of SOC staff. 

 

Must-haves: 

  • Experience in security operations (SOC, CSIRT, MSSP) for 5+ years. 

  • Experience in a SOC Team Lead, Deputy Manager, or shift-lead role for 1+ year. 

  • Deep knowledge of security monitoring, detection, incident handling. 

  • Experience with SIEM (e.g., Sentinel, Splunk, QRadar), EDR/XDR platforms. 

  • Hands-on experience with incident triage, forensics, and escalation. 

  • Strong understanding of MITRE ATT&CK, cyber kill chain, detection logic. 

  • Level of English: Upper-Intermediate+ or above. 

 

Nice-to-haves: 

  • Experience building SOCs from scratch or in startup environments. 

  • Familiarity with Microsoft Defender suite, Sentinel, and SOAR tools. 

  • Exposure to cloud-native monitoring (AWS, Azure, GCP). 

  • Relevant certifications (e.g., GCIA, GCIH, CISSP, Azure SC-200). 

 

Reasons why this job would be interesting to you: 

  • Andersen cooperates with such companies as Siemens, Johnson & Johnson, AstraZeneca, BNP Paribas, Allianz, Ryanair, TUI, Verivox, Media Markt, etc. 

  • For the past four years, our company has been growing annually by 60–100%, and we constantly involve top-notch specialists in our team. 

  • Andersen has mentoring and adaptation systems for new employees, and transparent performance review and assessment systems will allow you to determine your development path and plan your growth. 

  • The most important thing that we value in our employees is a commitment to continuous learning. The company supports them in this and gives them access to the best educational platforms, seminars, and practices. In addition, for over 19 years, Andersen has assembled a huge knowledge base and established a robust resource management institution. 

  • We have been strengthening our expertise since 2007. During this time, we have formed excellent teams with streamlined processes, where you can learn something new from your colleagues every day and enjoy your work. 

  • We are a cool young team of like-minded people communicating informally. 

  • You'll have a stable and competitive salary and an extensive benefits package. 

  • At Andersen, we have many different ways to grow. You can improve as a specialist or a manager, and all your activities will be decently rewarded. 


Your personal data is protected in accordance with GDPR regulations. Learn more: https://andersenlab.com/privacy-policy/pl

 

Join us! 

 

Tech stack

  • English: B2

  • SIEM: master

  • MITRE ATT&CK: master

  • SOC: master

  • CSIRT: master

  • MSSP: master

  • EDR/XDR: advanced


Published: 06.02.2026
