Senior Incident Responder and Blue Team Technical Lead

🔐 Senior Incident Responder / Blue Team Technical Lead / Permanent

San Sebastian (Basque Region) , Spain | Hybrid (3 days on-site)

For a top global client, we are looking for a Senior Incident Responder to take a hands-on technical lead role within the Blue Team and Incident Response function.

🔎 The Role

The organization operates a hybrid SOC model, with an external SOC handling L1/L2 activities and an internal security team. The objective of this role is to internalize the operational leadership of incident response while remaining deeply technical.

This is a senior, operational position for someone who enjoys ownership, investigation, and continuous improvement.

🛠 Key Responsibilities

• Act as Incident Response Lead and Blue Team Technical Lead
• Take operational ownership of incidents and L1/L2 tickets when required
• Challenge and improve the performance of the external SOC
• Enhance SIEM rules, detections, and response workflows
• Lead investigations and coordinate global security incidents
• Perform and guide forensic data collection and analysis
• Drive innovation and continuous improvement in incident response capabilities

✅ Required Experience

• 5+ years experience in Incident Response / SOC / Blue Team operations
• Hands-on experience with SIEM platforms and detection engineering
• Solid forensics and investigation skills
• Ability to lead technically while remaining operational
• Experience working in international, enterprise environments
• Fluent English (working language)

📌 Additional Information

• Location: Hernani, Spain (hybrid – 3 days on-site),
• Contract: Internal position (no contractors)
• Start date: ASAP (target within 2–3 months)
• Salary: Competitive, depending on experience
• Candidates must be living in Spain (Relocation okay)