Cyber Security Lead / Product Owner
- Full Time
- Sofia / Plovdiv, Bulgaria
ImpacT Hire is supporting one of our clients — a leading international digital technology center that is transforming its global cybersecurity landscape through advanced detection engineering, modern SIEM capabilities, and threat-driven strategy. As part of their growing Cyber Defense organization, we are now looking for a Cyber Security Lead / Product Owner who will drive the evolution, roadmap, and strategic direction of the company’s SIEM and detection platforms.
This is a senior role for an experienced cybersecurity professional with strong technical depth, proven leadership in SIEM initiatives, and the ability to steer a product end-to-end — without disciplinary management responsibilities. The team is fully based in Bulgaria, and this position will serve as the primary PO for the SIEM Engineering domain.
Responsibilities:
➢ Define, own, and continuously refine the SIEM roadmap, ensuring alignment with the threat-driven cybersecurity strategy and organizational priorities;
➢ Prioritize and track:
• onboarding of new data sources;
• development and implementation of detection use cases;
➢ Design, build, and maintain threat detection use cases across SIEM, EDR, and cloud-native platforms;
➢ Collaborate closely with Threat Intelligence and Threat Hunting teams to ensure detection capabilities reflect evolving threat landscapes and adversary techniques (MITRE ATT&CK, kill chain, etc.);
➢ Work with engineering teams to drive improvements in automation, integration, and platform functionality;
➢ Develop and maintain reporting capabilities, dashboards, and visibility metrics;
➢ Ensure consistent processes and performance across global, regional, and functional cybersecurity teams;
➢ Manage, prioritize, and groom the product backlog, translate high-level requirements into actionable items, and communicate product vision clearly;
➢ Guide continuous improvements to processes, playbooks, and workflows related to detection, logging, and event ingestion;
➢ Serve as the key point of contact for the SIEM Engineering product — aligning stakeholders, managing expectations, and ensuring delivery.
Requirements:
➢ 7+ years of experience in cybersecurity, including at least 3 years in a functional leadership capacity (no disciplinary management required);
➢ Deep understanding of SIEM platforms, event correlation, detection engineering, log onboarding, and parsing;
➢ Hands-on experience with MITRE ATT&CK, kill chain, and threat-driven design of detection use cases;
➢ Strong experience with hybrid environments — on-prem + cloud — ensuring visibility across distributed infrastructures;
➢ Demonstrated ability to transform processes end-to-end and define strategy, vision, and capability maturity;
➢ Experience managing or leading cybersecurity teams, projects, or technical domains.
Nice to Have:
➢ Background as a Security Lead, SIEM Engineering Lead, or similar hands-on leadership role;
➢ Experience in the Banking/Financial sector or other regulated environments;
➢ Professional certifications such as CISSP, or vendor-specific certifications (Splunk, Sentinel, QRadar, LogRhythm);
➢ Strong familiarity with engineering, automation, and architectural elements of detection platforms.
What We Offer:
➢ 25 days of paid annual leave;
➢ Premium health & dental insurance;
➢ Monthly food vouchers;
➢ Multisport card;
➢ Annual benefit of 300 BGN net per child (up to age 15);
➢ Coverage for training, certifications, and conferences, plus access to an online learning platform.
If you are a cybersecurity leader with deep SIEM expertise and a passion for driving threat-informed detection capabilities, this role offers the opportunity to make a strategic impact in a global security organization.
To apply for this job, email your details to milena@impact-hire.com