Job Information
IBM European Cybersecurity Site Leader - SOC & CSIRT in AMSTERDAM, Netherlands
Introduction
The Security Operations Center (SOC) and Computer Security Incident Response Team (CSIRT) are core components of the CISO organization, responsible for protecting enterprise IT assets through proactive monitoring, rapid detection, and decisive incident response. Together, these teams operate at the frontline of cybersecurity defense, safeguarding the organization in a constantly evolving threat landscape.
Our teams are made up of highly motivated, innovative, and out‑of‑the‑box thinkers who are committed to continuously improving the organization’s security posture. Through collaboration, operational excellence, and a strong culture of learning, the SOC and CSIRT work closely with business and technology partners to detect threats early, respond effectively to incidents, and strengthen resilience across the enterprise.
As the European Cybersecurity Site Leader based in Amsterdam, you will play a critical role in leading these capabilities across the region, with a strong emphasis on CSIRT leadership, incident response excellence, and crisis management, while ensuring seamless integration with SOC operations and alignment to global CISO strategy.
Your role and responsibilities
As the European Cybersecurity Site Leader, you will provide strategic, operational, and people leadership for both the Security Operations Center (SOC) and the Computer Security Incident Response Team (CSIRT), with a primary focus on incident response, investigations, and crisis coordination.
Key responsibilities include:
Provide overall site leadership in Amsterdam, Netherlands for the European SOC and CSIRT teams, ensuring operational excellence, resilience, and alignment with global cybersecurity strategy.
Lead and mature the CSIRT function, owning the end-to-end incident response lifecycle, including intake, triage, containment, eradication, recovery, and post-incident reviews.
Act as the senior incident response leader during high-severity and crisis incidents, coordinating technical teams, business stakeholders, legal, communications, and executive leadership.
Define, implement, and continuously improve incident response processes, procedures, playbooks, and standards in alignment with industry best practices.
Oversee SOC operations, ensuring effective threat monitoring, detection, escalation, and handoff between SOC and CSIRT functions.
Establish and track KPIs, metrics, and reporting for SOC and CSIRT performance, including incident trends, response effectiveness, and operational health.
Build and maintain strong partnerships with Business Information Security Officers (BISOs), IT, Legal, Risk, Privacy, and senior business leaders across Europe and globally.
Serve as a trusted advisor and subject matter expert on cybersecurity incidents, threat landscape, and response readiness for executive leadership.
Lead talent management activities including hiring, mentoring, performance management, succession planning, and development of high-performing teams.
Drive training, exercises, and simulations (e.g., tabletop exercises, crisis drills) to continuously improve incident readiness and team capabilities.
Stay current with emerging threats, attacker techniques, industry trends, and regulatory requirements, incorporating insights into operational improvements.
Required technical and professional expertise
10+ years of experience in cybersecurity, with at least 5 years in a people and operational leadership role.
Strong hands-on and leadership experience in Computer Security Incident Response (CSIRT) within a large, global enterprise environment.
Solid understanding of SOC operations, including threat monitoring, alert triage, escalation, and coordination with incident response teams.
Proven experience developing and executing incident response processes, standards, playbooks, and governance models.
Demonstrated ability to lead during high-severity incidents and communicate clearly with technical teams and executive stakeholders.
Experience managing cross-functional and geographically distributed teams.
Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant insights.
Knowledge of common threat actors, attack vectors, malware, ransomware, phishing, insider threats, and advanced persistent threats (APTs).
Familiarity with security frameworks, standards, and regulatory requirements (e.g., NIST, ISO 27001, incident management best practices).
Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
High level of integrity, professionalism, and ability to operate effectively under pressure.
Preferred technical and professional experience
Advanced experience in digital forensics, threat hunting, or malware analysis.
Prior experience leading or scaling regional or global CSIRT capabilities.
Experience with security orchestration and response platforms (e.g., IR platforms, SOAR tools).
Strong understanding of cloud security incident response and modern hybrid environments.
Relevant professional certifications such as CISSP, CISM, GIAC (GCIH, GCED, GCFA), CISA, or equivalent.
Experience delivering incident response training, tabletop exercises, and executive simulations.
Exposure to international regulatory environments and breach notification processes.
Multilingual capabilities are a plus.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.