SOC L2 Analyst

We're looking for a SOC L2 Analyst to take ownership of escalated alerts, lead investigations, and drive detection engineering across our security operations stack. You'll work hands-on with Wazuh, CrowdStrike, and osquery — digging into endpoints, correlating signals, and turning incidents into hardened detections.

What You'll Work With: Wazuh · CrowdStrike Falcon · osquery · MITRE ATT&CK · Sigma / YARA · Python · PowerShell

Reporting to: Head of Security and Infrastructure

Responsibilities:

• Triage and investigate escalations from L1, including EDR, SIEM, and threat intel alerts

• Lead incident investigations end-to-end — scoping, containment, eradication, recovery

• Perform host and endpoint forensics: process trees, persistence, lateral movement, artifacts

• Analyze suspicious binaries and scripts; identify malware behavior and IOCs

• Tune and develop detections in Wazuh and CrowdStrike — rules, custom queries, response actions

• Write and maintain osquery packs for fleet-wide investigation and continuous monitoring

• Hunt proactively for threats using EDR telemetry, logs, and threat intelligence

• Produce clear incident reports — technical findings, timeline, root cause, recommendations

• Contribute to playbooks, runbooks, and post-incident reviews

• Partner with IT, infrastructure, and engineering teams on remediation and hardening

Candidate profile:

• 3+ years in SOC, incident response, or threat hunting roles (L2 level)

• Hands-on production experience with Wazuh — rules, decoders, agents, integrations

• Hands-on CrowdStrike Falcon experience — investigations, RTR, custom IOAs

• Strong osquery skills — writing queries, building packs, fleet-wide hunts

• Solid understanding of malware behavior, common TTPs, and the MITRE ATT&CK framework

• Investigation experience across Windows, Linux, and macOS endpoints

• Log analysis and correlation across endpoint, network, identity, and cloud sources

• Familiarity with reverse engineering concepts — static and dynamic analysis basics

• Experience with fraud detection and incident response

• Scripting in Python, PowerShell, or Bash

Nice to Have:

• Digital forensics experience — disk, memory, timeline analysis (Volatility, Velociraptor, KAPE)

• Deeper reverse engineering skills (IDA, Ghidra, x64dbg)

• Detection engineering with Sigma, YARA

• Cloud incident response (AWS, GCP, Azure)

• Threat intelligence and IOC pivoting (MISP, OpenCTI, VirusTotal)

• Certifications — GCIH, GCFA, GCFE, GREM, OSCP, CrowdStrike CCFA / CCFR

• Experience in regulated environments (fintech, financial services)

Our offer:

• A certified Great Place to Work®  reflecting our commitment to a positive culture, employee well-being, and support

• Welcoming, young and multicultural team with approachable leadership

• Ability to contribute to dynamic business at a growth phase

• High level of autonomy, support of ideas and putting your expertise into the best practices for the company

• Continuous personal development, training budget, growth with the company and opportunity to learn from industry leaders

• Competitive remuneration, regular salary reviews and performance-based incentive schemes

• Vibrant company life: from team activities to global celebrations

• New beautiful office in an easily accessible location with company-provided fruits, breakfasts and lunches

• Free access to multiple sports and wellness facilities across the country

• Free company-provided parking

• Medical insurance and pension fund after probation period

• A gift and a day off on your Birthday

• Visa and work permit support if required