Senior SOC Analyst (Microsoft Azure Sentinel)

Posted 2 Days Ago
Be an Early Applicant
Hiring Remotely in Sofia, Sofia-grad, BGR
Remote or Hybrid
Senior level
eCommerce • Software
The Role
Lead advanced alert investigations, coordinate incident response and containment, integrate threat intelligence, tune SIEM/EDR detections, maintain SOPs and runbooks, document incidents, and support audits and 24/7 SOC operations with Microsoft Sentinel and Defender.
Summary Generated by Built In

About us:

AIOPSGROUP, a valantic company, is a multidisciplinary digital competency center that combines extensive e-commerce expertise with a track record of successfully delivered projects. We provide specialized services at the intersection of e-commerce, data, and technology. Our portfolio includes Consulting, Customer Acquisition & Retention, Commerce Implementation, CX Monitoring, and 24/7 Support Services. We are committed to helping global enterprise clients achieve sustainable digital growth while maintaining strong client relationships and delivering meaningful results.

valantic is a leading provider of digital transformation services and one of the most dynamic companies in the fields of digital solutions, consulting, and software. The company is trusted by numerous major brands and internationally recognized organizations. With its unique structure of divisions, competence centers, and expert teams, valantic offers solutions tailored precisely to the digitalization needs of modern businesses—from strategy to implementation.


What Are You Going to Do?

We are looking for a Staff Security Operations Analyst to join our Security team. In this role, you will be responsible for managing internal Corporate Security posture, monitoring security anomalies, building additional detections and visibility mechanisms, and ensuring the overall security of our internal systems. You will work closely with various teams to support audits, optimize visibility, and handle security incidents as they arise.

Please note that this role may require on-call shifts.


Main Responsibilities:

  • Advanced Alert Investigation: Act as the primary escalation point for Tier 1 analysts, performing deeper correlation and behavioral analysis on complex, multi-stage security events.
  • Incident Response & Containment: Coordinate and execute tactical containment actions (e.g., host isolation, credential revocation, network blocks) during active, confirmed security incidents.
  • Threat Intelligence Utilization: Integrate active cyber threat intelligence (CTI) feeds and Indicators of Compromise (IoCs) into ongoing investigations to identify sophisticated threat actor campaigns.
  • Rule Tuning & Optimization: Analyze alert queues to identify false-positive trends and collaborate with Tier 3 engineers to recommend precise logic modifications for SIEM correlation rules and EDR policies.
  • Runbook Maintenance: Author, refine, and maintain Standard Operating Procedures (SOPs) and incident response runbooks to reflect evolving adversary tactics and techniques.
  • Maintain accurate records of incidents, investigations, and security-related activities within the incident management platform.
  • Create detailed reports on security incidents, response actions taken, and recommendations for improvement.
  • Research new concepts and present them to the internal team as well as to customers.

What Do We Expect?

  • Technical Domain Expertise: Strong technical competency in network traffic analysis, log management architecture, endpoint forensics, and parsing diverse event logs across Windows, Linux, and enterprise cloud environments.
  • Framework Proficiency: Proven experience using defensive frameworks, specifically the MITRE ATT&CK matrix and the Cyber Kill Chain, to map, trace, and document malicious adversary behavior.
  • Analytical Skills: Highly developed analytical mindset with the ability to dissect complex log data, analyze suspicious email artifacts, and interpret endpoint telemetry under operational time constraints.
  • Excellent English written and verbal communication skills.
  • Prior experience working within a 24x7 Security Operations Centre (SOC), and readiness to fulfill on-call roles.
  • Security monitoring experience with one or more SIEM technologies, preferably Microsoft Sentinel.
  • Knowledge of EDR solutions, including Microsoft Defender.
  • Basic understanding of Windows, Linux, and cloud technologies, including Microsoft Azure and Office 365.
  • Good understanding of security solutions, including SIEMs, web proxies, anti-virus, firewalls, VPN, authentication providers and mechanisms, encryption, and IPS/IDS.
  • Basic understanding of networking principles, including TCP/IP, WANs, LANs, and commonly used Internet protocols.

Nice to have (big advantage):

  • Active Certifications: GIAC Certified Incident Handler (GCIH), CompTIA Cybersecurity Analyst (CySA+), Cisco CyberOps Professional, or Blue Team Level 2 (BTL2).
  • Automation & Scripting: Foundational scripting capabilities (Python, Bash, or PowerShell) to assist in automating repetitive data-gathering or log-parsing tasks.
  • Cloud Ecosystems: Hands-on familiarity with native monitoring, logging, and security suites within enterprise cloud environments (AWS, Microsoft Azure, or GCP).

Why Join Us?

  • Competitive remunerations and benefits package
  • Opportunity to grow your career and get exposure to international brands, working on complex multi-technology projects
  • Friendly, yet competitive work environment where everyone’s success is celebrated
  • Flexible working hours/working location

Skills Required

  • Strong technical competency in network traffic analysis, log management architecture, and endpoint forensics across Windows, Linux, and cloud environments
  • Proven experience using defensive frameworks such as MITRE ATT&CK and the Cyber Kill Chain
  • Experience in a 24x7 Security Operations Centre and readiness to fulfill on-call roles
  • Security monitoring experience with SIEM technologies, preferably Microsoft Sentinel
  • Knowledge of EDR solutions including Microsoft Defender
  • Basic understanding of Windows, Linux and cloud technologies including Microsoft Azure and Office365
  • Good understanding of security solutions: SIEMs, Web Proxies, Anti-Virus, Firewalls, VPN, authentication mechanisms, encryption, IPS/IDS
  • Basic understanding of networking principles including TCP/IP, WANs, LANs and common internet protocols
  • Highly developed analytical skills and ability to analyze complex log data and endpoint telemetry under time constraints
  • Excellent written and verbal English communication skills
  • Active certifications (GCIH, CySA+, Cisco CyberOps Professional, or BTL2)
  • Foundational scripting capabilities (Python, Bash, or PowerShell) for automation and log parsing
  • Hands-on familiarity with cloud monitoring and security suites in AWS, Azure, or GCP

The Company
Gilbert, Arizona
96 Employees
Year Founded: 2019

What We Do

AIOPSGROUP, a valantic company, is a forward-thinking digital powerhouse operating at the nexus of eCommerce, Data, and Technology, with a strong commitment to digital accessibility. Our holistic approach encompasses innovative solutions that drive business growth and operational efficiency for our clients across various industries. Understanding the significance of inclusivity in today's digital landscape, we prioritize making digital content and services accessible to all users, including those with disabilities. By integrating accessibility standards into our eCommerce platforms, data analysis tools, and technology solutions, we aim to foster an inclusive digital environment. This commitment not only aligns with our core values but also ensures compliance with the latest digital accessibility regulations, providing a seamless, user-friendly experience for every customer. At AIOPSGROUP, a valantic company, we believe in leveraging technology to break down barriers and create equal opportunities for everyone in the digital world. We are proud to serve leading brands such as Puma, Marc Jacobs, Coach, Stuart Weitzman, Kate Spade, Carter's, Acne Studios, IKEA, s.Oliver, Fjallraven, MCM, Rossignol, and Fenix Outdoor.
