Soc Specialist

Company Description Metro Global Solution Center MGSC is internal solution partner for METRO a EUR31 Billion international wholesaler with operations in more than 30 countries The store network comprises a total of 623 stores in 21 countries of which 522 offer out-of-store delivery OOS and 94 dedicated depots In 12 countries METRO runs only the delivery business by its delivery companies Food Service Distribution FSD HoReCa and Traders are core customer groups of METRO The HoReCa section includes hotels restaurants catering companies as well as bars cafes and canteen operators The Traders section includes small grocery stores and kiosks The majority of all customer groups are small and medium-sized enterprises as well as sole traders METRO helps them manage their business challenges more effectively MGSC location wise is present in Pune India Dusseldorf Germany and Szczecin Poland We provide HR Finance IT Business operations support to 31 countries speak 24 languages and process over 18 000 transactions a day We are setting tomorrow s standards for customer focus digital solutions and sustainable business models For over 10 years we have been providing services and solutions from our two locations in Pune and Szczecin This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion We believe that we can add value drive efficiency and satisfy our customers Profile Summary As a Level 3 Cyber Defense Operations Center CDOC Specialist you will lead advanced security operations with a focus on SIEM and SOAR technologies driving detection engineering automated response and complex incident handling You ll be responsible for optimizing detection rules developing playbooks and managing high-severity incidents from triage to resolution In parallel you ll mentor Level 1 and 2 analysts preparing to lead your own team in the future While EDR remains part of the security stack your primary emphasis is on leading Incident Response activities leveraging SIEM and SOAR to enhance operational efficiency and threat mitigation This role requires deep technical expertise leadership potential and a proactive approach to evolving threats - Oversee daily operations including SIEM SOAR tuning alert triage and coordinated incident response to ensure effective real-time threat monitoring Lead end-to-end security incident response including analysis containment mitigation and reporting leveraging SIEM SOAR insights and cross-team coordination for swift resolution Design and implement detective controls for emerging threats and vulnerabilities Perform proactive threat hunting across multiple platforms and environments Support in designing and maintaining detection rules response playbooks and escalation paths aligned with threat intelligence and compliance Continuously enhance SIEM SOAR XDR alert use cases and threat detection capabilities Act as a senior liaison with threat intelligence and infrastructure teams to enhance detection and response capabilities Research emerging threats vulnerabilities and attack techniques to improve defenses Participate in a 24 7 on-call rotation to support incident response and critical investigations Document incident response activities and produce detailed reports for stakeholders Conduct post-incident reviews to drive improvements in tools processes and readiness Collaborate across teams to improve the organization s threat detection and response maturity Maintain detailed incident records contribute to reporting and support audit readiness Guide and train junior analysts promoting best practices and continuous improvement within the SOC Ensure detection and response processes align with regulatory and organizational standards Stay up to date on emerging threats and technologies to continuously evolve SOC capabilities Support comprehensive asset inventory and ownership mapping to ensure full monitoring coverage Qualifications Exp and Qualification Bachelor s degree in Computer Science Information Technology Cybersecurity or a related field A Master s degree or relevant certifications e g CISSP CISM SANS GIAC ECIH GCIH CEH DFIR may be preferred 7-11 years of total experience in SOC in a large multi-national organization or in a known MSSP In addition to minimum 8 years of Incident Response experience candidate should posses at least 2 years of experience on SOAR capabilities Technical Soft Skills Deep hands-on expertise with technologies like SIEM SOAR XDR such as Google Chronicle Crowdstrike Logscale Splunk Strong working knowledge of endpoint security tools and concepts including EDR CrowdStrike Defender Cortex DLP and MDM Strong knowledge of MITRE ATT CK NIST CSF frameworks and cyber kill chain concepts Advanced proficiency in automating incident response using SOAR technologies Solid understanding of network security operating systems and hybrid cloud environments Cloud On-Prem VDI Proficiency in scripting languages e g Python PowerShell for automation and analysis In-depth knowledge of threat landscapes and technical security concepts Strong grasp of network protocols OS internals and security technologies Familiar with compliance standards such as NIST CSF and ISO 27001 Strong organizational and time management skills with the ability to coordinate and prioritize multiple tasks simultaneously Ability to work under pressure especially during critical security incidents Ability to conduct independent research and analysis identifying issues formulating options and making conclusions and recommendations Skilled in developing professional documentation and detailed reporting including PowerPoint presentations including policies standards processes and procedures Very high attention to detail with strong skills in managing presenting data and information Demonstrable conceptual analytical and innovative problem-solving and evaluative skills Excellent communication and interpersonal skills to effectively collaborate with stakeholders and internal teams