
SOC Analyst
Critical Software
full-time
Location Type: Hybrid
Location: Coimbra • Portugal
About the role
- Monitor security alerts and events from EDR, identity protection, cloud security platforms, and other security tools
- Perform initial triage, enrichment, and classification of alerts following SOC playbooks
- Investigate low- to medium-complexity attack patterns, including: Adversary-in-the-Middle (AitM) attacks, suspicious login patterns, endpoint malware detections, privilege misuse indicators, suspicious email or phishing activities
- Correlate events across multiple systems to identify potential malicious behavior
- Use simple scripts (PowerShell, Python, KQL, Bash) for data enrichment, identifying anomalies, and performing small, targeted hunts in specific log sources
- Support senior analysts with observations gained during reconnaissance hunting activities
- Act as the first responder in the incident handling process
- Document findings and escalate incidents to Tier 2/3 analysts or the external SOC with clear, structured communication
- Collaborate with the external SOC provider to validate alerts, coordinate investigations, and ensure accurate incident classification
- Execute containment steps defined in playbooks when authorized
- Serve as an active contributor within the global cybersecurity team, maintaining strong partnerships across IT, operations, and business units
- Communicate technical information clearly to diverse stakeholders, both technical and non-technical
- Participate in daily SOC operational meetings, knowledge sharing, and cross-team collaboration
- Maintain accurate and comprehensive investigation documentation within ticketing and reporting systems
- Suggest improvements to detection rules, use cases, and SOC processes based on observed patterns
- Follow established SOC procedures while contributing to continuous improvement initiatives
- Follow existing SOC playbooks consistently during investigations and incident response workflows
- Contribute to the refinement, enhancement, or creation of Tier 1 playbooks, ensuring they accurately reflect real investigation needs
Requirements
- Bachelor's degree in Computer Science, Information Technology, or equivalent professional experience
- 2+ years of experience in IT Security, SOC, Incident Response, or similar fields
- Foundational knowledge of cybersecurity principles, common attack vectors, and threat actor behaviours
- Understanding of the Cyber Kill Chain and MITRE ATT&CK frameworks and their application in investigations
- Ability to think from an attacker's perspective to better recognize malicious intent and weak signals
- Experience with EDR, identity, email, or cloud security tools
- Basic scripting ability (PowerShell, Python, KQL, Bash) for automation, enrichment, or simple hunting tasks
- Strong communication skills to work effectively with global stakeholders and external SOC teams
- High attention to detail and structured documentation habits
- Attacker mindset: Ability to anticipate adversary actions and identify early indicators
- Analytical thinking: Recognizing patterns, anomalies, and correlations across logs
- Analytical mindset: Quickly interpret data and identify suspicious patterns
- Collaboration: Ability to work effectively with globally distributed teams
Benefits
- Private Health Insurance
- Employee Assistance Programme
- Home Office Support
- Extra Holidays
- Extra Parental Leave
- Flex-time
- Gradual Return to Work Support
- Away From Keyboard - Sabbatical programme
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
PowerShell, Python, KQL, Bash, EDR, cloud security, incident response, cybersecurity principles, attack patterns, threat actor behaviours
Soft Skills
strong communication skills, attention to detail, analytical thinking, collaboration, structured documentation, attack mindset, ability to recognize patterns, ability to anticipate adversary actions, clear communication, cross-team collaboration