SOC Manager

SOC Manager at Alstom

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Could you be the full-time SOC Manager we’re looking for?

Your future role

Take on a new challenge and apply your cybersecurity expertise in a cutting-edge field. You’ll work alongside collaborative and dynamic teammates.

You'll play a pivotal role in protecting our infrastructure and ensuring a secure environment for our operations. Day-to-day, you’ll work closely with teams across the business (IT, facilities, threat intelligence, and vulnerability management), oversee security operations, and implement governance and compliance measures, and much more.

You’ll specifically take care of leading SOC analysts and managing incident response processes, but also driving continuous improvement in SOC workflows and detection capabilities.

We’ll look to you for:

• Leading and managing SOC analysts across multiple shifts to ensure 24/7 security monitoring and incident response
• Overseeing threat detection and response using SIEM, NIDS, and endpoint protection platforms
• Administering and maintaining Trellix ePO for endpoint security and policy enforcement
• Monitoring and managing alerts from Network Intrusion Detection Systems (NIDS)
• Coordinating incident tracking and resolution using ServiceNow
• Collaborating with IT and facilities teams via Maximo for infrastructure-related security events
• Developing and managing shift rosters to ensure optimal coverage and reduce analyst fatigue
• Ensuring SOC operations align with internal policies and external regulatory requirements (e.g., ISO 27001, NIST, GDPR)
• Driving automation and optimization of SOC workflows and alert triage
• Generating and presenting regular reports on SOC performance, incident trends, and threat landscape

All About You

We value passion and attitude over experience. That’s why we don’t expect you to have every single skill. Instead, we’ve listed some that we think will help you succeed and grow in this role:

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or related field
• Minimum 10 years of experience in cybersecurity, with at least 3–5 years in SOC operations and team leadership
• Strong experience with SIEM platforms, Trellix ePO, NIDS, ServiceNow, and Maximo
• Solid understanding of incident response, malware analysis, and threat intelligence
• Relevant certifications such as CISSP, CISM, GCIA, GCIH, CEH, or equivalent
• Experience with cloud security monitoring (AWS, Azure, GCP)
• Familiarity with the MITRE ATT&CK framework and threat modeling
• Knowledge of scripting and automation (Python, PowerShell)
• Experience managing SOC operations in a hybrid or global environment

Things you’ll enjoy

Join us on a life-long transformative journey – the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. You’ll also:

• Enjoy stability, challenges and a long-term career free from boring daily routines
• Work with new security standards for rail signalling
• Collaborate with transverse teams and helpful colleagues
• Contribute to innovative projects
• Utilise our flexible and inclusive working environment
• Steer your career in whatever direction you choose across functions and countries
• Benefit from our investment in your development, through award-winning learning
• Progress towards senior leadership roles or specialized technical expertise
• Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension)

Important to note

As a global business, we’re an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.

Key skills/competency

• Security Operations Management
• Incident Response Leadership
• SIEM Platforms
• Threat Detection
• Endpoint Protection (Trellix ePO)
• Network Intrusion Detection Systems (NIDS)
• Regulatory Compliance (ISO 27001, NIST, GDPR)
• Cloud Security Monitoring
• Automation and Scripting
• Team Leadership