We’re looking for a skilled and curious SOC Analyst II to help strengthen our real-time threat detection and incident response capabilities. You’ll be at the front line of our security operations, monitoring real-time threats, fine-tuning detection systems, and leading incident investigations across cloud and on-prem environments. If you thrive in a high-stakes environment, love connecting the dots across logs and alerts, and are passionate about staying one step ahead of adversaries, this one’s for you.

What You’ll Do

• Monitor and analyze security events across infrastructure, applications, and cloud environments using SIEM tools (especially Wazuh) and endpoint monitoring solutions.

• Investigate alerts from WAF, DDoS protection platforms, intrusion detection/prevention systems, DLP, AV, Network Security, and perform initial triage, containment, and escalation of incidents.

• Correlate logs and security data to detect threats, suspicious behavior, and policy violations using MITRE ATT&CK or other frameworks.

• Maintain and fine-tune detection rules and correlation logic in Wazuh SIEM and other log aggregation platforms.

• Respond to and manage security incidents (SOC L2/L3 level) — perform root cause analysis, coordinate with stakeholders, and assist in recovery and documentation.

• Operate and support network and application layer firewalls, DDoS mitigation platforms, and threat intelligence feeds.

• Assist in defining and implementing security use cases, dashboards, and alerting mechanisms based on emerging threats and internal risk scenarios.

• Collaborate with IT and DevOps teams to ensure logging, alerting, and telemetry coverage across servers, applications, APIs, and containers.

• Contribute to the development of playbooks, SOPs, and knowledge base articles to standardize SOC operations and response.

• Participate in threat hunting activities, post-incident reviews, and red/blue team exercises to strengthen detection capabilities.

What You Bring

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience in SOC or IT Security operations.

• 3–5 years of experience working in a SOC, MSSP, or security operations environment.

• Proven hands-on experience with SIEM tools — ideally Wazuh, ELK Stack, or similar open-source and enterprise SIEM platforms.

• Strong understanding of Web Application Firewalls (WAF), anti-DDoS technologies, and network traffic analysis.

• Experience monitoring and defending Linux/Windows environments, cloud platforms (AWS/GCP/Azure), and containerized infrastructure (Docker/Kubernetes).

• Familiarity with threat intelligence, IOC enrichment, and behavioral analytics tools and processes.

• Solid understanding of TCP/IP, DNS, HTTP, SSL/TLS, and common attacker techniques (reconnaissance, lateral movement, privilege escalation).

• Experience with log parsing, data normalization, and use of regex, JSON, or scripting (Python/Bash) to automate analysis.

• Good grasp of cybersecurity frameworks and standards like MITRE ATT&CK, NIST CSF, CIS Controls.

• Ability to manage incidents with calm, clarity, and attention to detail — both independently and in collaboration with teams.

Why Join Us

• Be part of a modern SOC function that values automation, continuous learning, and collaboration.

• Get exposure to real-time security challenges across fintech, cloud, and SaaS ecosystems.

• Be part of a forward-looking team that's actively exploring AI in security, both as a threat and a tool.

• Enjoy a learning-driven culture with support for certifications, research, and community engagement.