SOC Team Lead / SOC Manager (Poland)
Summary
Andersen is hiring a SOC Team Lead / SOC Manager in Poland to build and lead a Security Operations Center, defining processes, tools, and workflows to ensure effective security monitoring and incident response.
Andersen is a pre-IPO software development company that provides a full cycle of services, following project management standards and best practices. For over 19 years, we have been helping enterprises and middle-sized firms transform their businesses by creating effective digital solutions using innovative technologies.
The project is focused on building and leading a Security Operations Center from scratch, including designing SOC processes, tools, and workflows to ensure effective monitoring, detection, and response to security incidents.
Responsibilities
- Hiring and building a team of SOC Analysts (L1, L2, L3) from the ground up.
- Leading and managing the SOC team and ensuring 24/7 operations.
- Owning shift planning, SOC procedures, playbooks, and escalation protocols.
- Acting as point of escalation for complex security incidents and investigations.
- Defining and monitoring SOC KPIs and metrics (MTTD, MTTR, SLA compliance).
- Collaborating with Threat Intelligence, Incident Response, IT and Cloud teams.
- Driving tuning and improvements across SIEM, EDR/XDR, SOAR platforms.
- Ensuring compliance with regulatory frameworks (ISO 27001, NIS2, etc.).
- Helping with onboarding and continuous training of SOC staff.
Requirements
- Experience in security operations (SOC, CSIRT, MSSP) for 5+ years.
- Experience in a SOC Team Lead, Deputy Manager, or shift-lead role for 1+ year.
- Deep knowledge of security monitoring, detection, incident handling.
- Experience with SIEM (e.g., Sentinel, Splunk, QRadar), EDR/XDR platforms.
- Hands-on experience with incident triage, forensics, and escalation.
- Strong understanding of MITRE ATT&CK, cyber kill chain, detection logic.
- Level of English – from Upper-Intermediate+ and above.
Desired skills
- Experience building SOCs from scratch or in startup environments.
- Familiarity with Microsoft Defender suite, Sentinel, and SOAR tools.
- Exposure to cloud-native monitoring (AWS, Azure, GCP).
- Relevant certifications (e.g., GCIA, GCIH, CISSP, Azure SC-200).
Reasons to join us
- Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc.
- The opportunity to change the project and/or develop expertise in an interesting business domain.
- Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
- Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
- The opportunity to earn up to an additional 1,000 USD per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
- Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
- Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
- Certification compensation (AWS, PMP, etc.).
- Referral program.
- English courses.
- Private health insurance and compensation for sports activities.
Join us!
Locations
Poland