SOC Team Leader
Security
Hays Poland

Kraków
Type of work: Full-time
Experience: Senior
Employment Type: Permanent
Operating mode: Hybrid

Tech stack

  • Cybersecurity: advanced
  • SIEM: advanced
  • CISSP: advanced
  • Team Leadership: nice to have
  • Team Management: nice to have

Job description

Online interview

For our Client, a new Security Operations Center in Kraków, we are looking for a SOC Team Lead.

Role Overview: This position involves leading a team of motivated and skilled Cybersecurity analysts within a 24/7 SOC environment. The primary responsibilities include event identification, triage, and remediation across the enterprise. The selected candidate will collaborate with other cybersecurity teams, drive threat intelligence implementation, and contribute to SOC process development. Automation, efficiency enhancement, and best practices will be key areas of focus.

Duties and Responsibilities:

1. Incident Management: Ensure effective incident identification, assessment, quantification, reporting, communication, mitigation, and ongoing monitoring.

2. Collaboration: Work closely with other cybersecurity teams and business units to address security incidents.

3. Threat Intelligence: Implement emerging threat intelligence (such as IOCs and updated rules) to identify affected systems and assess attack scope.

4. Alert Handling: Establish standards and procedures to address alerts promptly, accurately, and relevantly.

5. Playbooks: Develop and refine operational response “playbooks” for handling cyber threats.

6. Autonomous Investigation: Independently investigate and escalate incidents following established policies and processes.

7. Mentoring: Provide guidance and mentorship to SOC level II and III Analysts.

8. Incident Leadership: Lead SOC analysts during incident response actions and collaborate with leadership during active incidents.

9. Metrics Reporting: Evaluate, develop, and report SOC-related metrics through dashboards and reports.

10. Shift Management: Manage shift schedules and lead SOC personnel.

11. Tabletop Exercises: Design and present relevant Cybersecurity tabletop exercises to identify process improvement opportunities.

Qualifications:

  • Candidates should possess any of the following certifications: CISSP, CASP, CCSP, SSCP, SANS GIAC GMON, GCIH, GCIA, GCFA, GCFE, GREM.
  • In-depth technical knowledge: Understand both established and emerging cybersecurity technologies.
  • Hands-on experience: Work within a Computer Incident Response organization, handling large-scale incidents across the Protect, Detect, Respond, and Sustain phases.
  • Threat lifecycle expertise: Grasp the entire cycle of cybersecurity threats, including attack vectors and exploitation methods.
  • Frameworks and methodologies: Familiarity with Intelligence Driven Defense, Cyber Kill Chain, and MITRE ATT&CK.
  • Cloud proficiency: Experience monitoring and responding to threats in Cloud environments.

Education:

  • An Associate degree in Information Technology, Cybersecurity, or Computer Science is preferred.

Experience:

  • 5+ years working in a Security Operations Center (SOC) with expertise in SIEM technologies (Required).
  • 2+ years of experience in leading and developing others (Preferred).
  • 7+ years in the general field of Cybersecurity (Required).

Skills and Abilities:

  • Advanced ability to identify automation/orchestration opportunities and create implementation plans.
  • Advanced leadership, problem-solving, and critical thinking skills. The ability to prioritise and execute autonomously.
  • Advanced communication skills (both verbal and written) across all organisational levels.
  • Advanced understanding of the latest security principles and protocols.
  • Advanced knowledge of security operations technologies, including SIEM, endpoint tools, and network-based logs.
  • Familiarity with emerging technologies and tactics used within a SOC to enhance efficiency and effectiveness.
  • Advanced understanding of cyber threat tactics, techniques, and procedures, with the ability to develop relevant alerting, countermeasures, and threat hunting techniques.
  • Intermediate scripting ability (PowerShell, Python).

Working Hours:

  • 8am – 6pm local time

Hays Poland sp. z o.o. is an employment agency registered in a registry kept by Marshal of the Mazowieckie Voivodeship under the number 361.