Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €31 Billion international wholesaler with operations in more than 30 countries. The store network comprises a total of 623 stores in 21 countries, of which 522 offer out-of-store delivery (OOS), and 94 dedicated depots. In 12 countries, METRO runs only the delivery business by its delivery companies (Food Service Distribution, FSD).
HoReCa and Traders are core customer groups of METRO. The HoReCa section includes hotels, restaurants, catering companies as well as bars, cafés and canteen operators. The Traders section includes small grocery stores and kiosks. The majority of all customer groups are small and medium-sized enterprises as well as sole traders. METRO helps them manage their business challenges more effectively.
MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.
Profile Summary:
As a Level 3 Cyber Defense Operations Center (CDOC) Specialist, you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response, and complex incident handling. You’ll be responsible for optimizing detection rules, developing playbooks, and managing high-severity incidents from triage to resolution. In parallel, you’ll mentor Level 1 and 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on leading Incident Response activities leveraging SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential, and a proactive approach to evolving threats.
-
●Oversee daily operations including SIEM/SOAR tuning, alert triage, and coordinated incident response to ensure effective real-time threat monitoring.
●Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting, leveraging SIEM/SOAR insights and cross-team coordination for swift resolution.
●Design and implement detective controls for emerging threats and vulnerabilities.
●Perform proactive threat hunting across multiple platforms and environments.
●Support in designing and maintaining detection rules, response playbooks, and escalation paths aligned with threat intelligence and compliance.
●Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities.
●Act as a senior liaison with threat intelligence and infrastructure teams to enhance detection and response capabilities.
●Research emerging threats, vulnerabilities, and attack techniques to improve defenses.
●Participate in a 24/7 on-call rotation to support incident response and critical investigations.
●Document incident response activities and produce detailed reports for stakeholders.
●Conduct post-incident reviews to drive improvements in tools, processes, and readiness.
●Collaborate across teams to improve the organization’s threat detection and response maturity.
●Maintain detailed incident records, contribute to reporting, and support audit readiness.
●Guide and train junior analysts, promoting best practices and continuous improvement within the SOC.
●Ensure detection and response processes align with regulatory and organizational standards.
●Stay up to date on emerging threats and technologies to continuously evolve SOC capabilities.
●Support comprehensive asset inventory and ownership mapping to ensure full monitoring coverage.
Exp and Qualification
●Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, SANS/GIAC, ECIH, GCIH, CEH, DFIR) may be preferred.
●7-11 years of total experience in SOC in a large multi-national organization or in a known MSSP. In addition to minimum 8 years of Incident Response experience, candidate should posses at least 2 years of experience on SOAR capabilities.
Technical & Soft Skills:
●Deep hands-on expertise with technologies like SIEM, SOAR, XDR such as Google Chronicle, Crowdstrike Logscale, Splunk.
●Strong working knowledge of endpoint security tools and concepts, including EDR (CrowdStrike, Defender, Cortex), DLP, and MDM.
●Strong knowledge of MITRE ATT&CK, NIST CSF frameworks, and cyber kill chain concepts.
●Advanced proficiency in automating incident response using SOAR technologies.
●Solid understanding of network security, operating systems, and hybrid cloud environments (Cloud, On-Prem, VDI).
●Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.
●In-depth knowledge of threat landscapes and technical security concepts.
●Strong grasp of network protocols, OS internals, and security technologies.
●Familiar with compliance standards such as NIST CSF and ISO 27001.
●Strong organizational and time management skills with the ability to coordinate and prioritize multiple tasks simultaneously.
●Ability to work under pressure, especially during critical security incidents.
●Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.
●Skilled in developing professional documentation and detailed reporting (including PowerPoint presentations), including policies, standards, processes and procedures
●Very high attention to detail, with strong skills in managing/presenting data and information.
●Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.
●Excellent communication and interpersonal skills to effectively collaborate with stakeholders, and internal teams.
METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion. More information can be found at MPULSE.de, our online magazine.
Data protection notice:
https://www.metroag.de/en/data-privacy/social-media
Imprint:
https://www.metroag.de/en/imprint
