Position Overview: 

We are seeking a dedicated SOC Analyst to join our dynamic security team. The SOC Analyst will be responsible for monitoring, detecting, and responding to security incidents across our corporate infrastructure, SaaS platforms, data centers, and customer services. This role involves close collaboration with our MSSP partners to maintain a robust security posture as well as working with Product, R&D, IT and the different Datacentres.

Key Responsibilities:

• Security Monitoring: Continuously monitor security alerts and events across various platforms, including Office 365, corporate SaaS applications, and data centers.
• Incident Detection and Response: Identify potential security incidents, conduct initial triage, and coordinate with internal teams and MSSPs for effective response.
• Threat Analysis: Analyze security threats and vulnerabilities to assess potential impact on the organization.
• Collaboration: Work closely with MSSP partners and internal stakeholders to enhance detection capabilities and improve incident response processes.
• Documentation: Maintain detailed records of security incidents, including analysis, response actions, and lessons learned.
• Continuous Improvement: Participate in the development and refinement of SOC processes, playbooks, and procedures to enhance operational efficiency.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Information Security, or a related field.
• Experience: Minimum of 2 years of experience in a SOC or similar security-focused environment.
• Technical Skills:
• Proficiency in using Security Information and Event Management (SIEM) tools.
• Familiarity with cloud security principles and experience with platforms such as Office 365 and other SaaS applications.
• Understanding of network protocols, intrusion detection systems, and incident response methodologies.
• Certifications: Relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH) are preferred.

• Soft Skills:
• Strong analytical and problem-solving abilities.
• Excellent communication skills, both written and verbal.
• Ability to work collaboratively in a team environment.
• Attention to detail and a proactive approach to identifying and mitigating security threats.
• Fluent in English.

About the Role

We’re looking for a Junior Security Operations Engineer who is AI-Forward to help scale and modernize our SecOps program. This is a hands-on, builder role for someone who will design and ship the security tooling that powers our triage, investigations, and response workflows.

You’ll report to the Technical Operations Director and work alongside our GRC lead to improve our vulnerability intake, threat response, darkweb posture, and internal security tooling. A core part of this role is building AI-assisted security tooling: triage agents that pre-classify bug bounty reports, investigation copilots that pull context from logs and SIEM data, response workflows that draft remediation steps and track them to closure. You’ll spend as much time wiring up that tooling as you will reproducing vulnerabilities and working incidents.

This role suits someone who thrives in a lean, high-impact environment, has strong opinions on where humans add value versus where tooling should take over, and wants to shape how a modern security team operates.

What You’ll Do

Triage & Vulnerability Management

• Review incoming vulnerability reports from our bug bounty intake; reproduce and document valid issues for engineering teams.
• Build the tooling that improves signal-to-noise: automate duplicate detection, spam filtering, and abuse flagging so humans only touch what’s worth touching.
• Act on DAST findings: coordinate remediation, verify fixes, and re-test.
• Track remediation timelines for critical vulnerabilities and keep stakeholders honest on SLAs.

Threat Response & Monitoring

• Monitor and respond to EDR and cloud security alerts; investigate, contain, and document.
• Analyze darkweb findings and credential exposures; shape our darkweb monitoring practices and tooling over time.
• Improve detection coverage: tune noisy rules, close gaps, and enrich alerts with context so responders spend time on decisions, not data gathering.
• Help configure and tune DLP, SIEM, and AI security tooling.

Security Tooling (core to this role)

• Build AI-assisted triage tooling that pre-classifies bug bounty reports, flags duplicates, and routes real issues to the right engineering team with reproduction context attached.
• Build investigation tooling: LLM-backed copilots and Slack bots that pull alert context, correlate signals across sources, and surface what actually matters.
• Build response tooling: workflows that draft remediation steps, generate evidence artifacts, and track issues to closure across the teams that own them.
• Evaluate emerging AI security tooling and bring what’s genuinely useful into the stack; retire what isn’t.
• Apply a security-minded lens to our own AI usage: prompt injection, data exfiltration, model misuse, and the guardrails that go around them.

Compliance & Cross-Functional

• Support audit evidence collection for SOC 2, ISO 27001, and PCI DSS.
• Partner with ITOps to verify patches, endpoint coverage, and access hygiene.

You May Be a Good Fit If You Have

• Previous experience in a SecOps, Security Analyst, or Threat Response role.
• Proven ability to understand and reproduce technical vulnerabilities. You can read a bug report and tell whether it’s real.
• Experience with bug bounty triage (HackerOne, Bugcrowd, or similar).
• Hands-on exposure to SIEM, EDR, and DLP tools in production environments.
• A genuine, demonstrated interest in applying AI/LLMs to security work: side projects, internal tooling, prompt engineering, agent frameworks, anything that shows you’ve actually built with this stuff.
• Scripting and automation skills in Python, Bash, or similar. You reach for code before you reach for a checklist.
• Comfort working autonomously across time zones and asynchronously.
• Strong written communication. You can turn a messy investigation into a clear, defensible writeup.

Bonus Points For

• Experience building LLM agents, RAG pipelines, or Slack bots backed by OpenAI / Anthropic / open-source models.
• Detection engineering experience (Sigma rules, custom Falcon queries, Grafana/Loki dashboards).
• Cloud security depth in AWS or GCP (IAM, workload posture, cloud-native logging).
• Prior work in regulated environments (SOC 2, ISO 27001, PCI DSS) from the practitioner side.
• Exposure to AI/ML security concerns such as prompt injection, model evals, and data leakage through LLMs.
• Public contributions: blog posts, CVEs, open-source tools, CTF writeups.

Engagement & Logistics

• Full-time contract.
• Remote-first and async-friendly. We have hubs in San Francisco, Denver, Dublin, and Amsterdam. If you’re near one, we’d love to see you in the office regularly; if you’re elsewhere in the world, that works too.
• Potential to extend or convert based on fit.
• Reports to the Technical Operations Director; works closely with the GRC lead and IT Operations.

How We Work

We’re a lean, high-trust team. We value people who ship, who can operate independently, and who treat security as an engineering problem rather than a checklist. If you’re someone who sees a repetitive task and immediately thinks “this should be a script, or better yet, an agent,” you’ll fit in here.

To Apply

Tell us about a time you used AI, automation, or custom tooling to meaningfully change how a security workflow ran. What was manual before, what it looked like after, and what you learned. Links to code, writeups, or demos are welcome.

SENIOR CYBERSECURITY ANALYST (SOC)  
EU Region (Remote / Hybrid) 

WHO WE ARE 

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.  

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.  

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. 

We’re excited you’re thinking about joining us. 

WORKING IN CYBER AT S-RM 

Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services,  Risk & Resilience, and Incident Response practices are in more demand than ever.  

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. 

We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

Our Security Operations Centre is a critical part of our Cybersecurity division’s success.  

As a Senior Analyst (SOC), you will add your cybersecurity expertise in a vital delivery role to our managed detection and response services. You will need fluent, technical English and German language skills. 

In this role, you will leverage the infrastructure and tools that power our Security Operations Center (SOC) to deliver desired security outcomes for our managed services clients, with a particular focus on those in the EU region. The ideal candidate will be highly proficient in using security platforms such as SIEM, SOAR, EDR, and other advanced security technologies. You will have experience leading other analysts or sub-teams in a SOC environment and be comfortable acting as a point of escalation. As a senior analyst, you will be responsible for high-level incident management, process improvement, and mentoring junior analysts. This hybrid role involves majority remote work and occasional in-office presence for collaboration, teamwork, and development projects.  

Delivery 

• Cyber-Security Operations: Contribute to day-to-day SOC team-related activities, ensuring efficient monitoring, detection, and response to security threats across our clients’ estates.  

• Monitor Security Events: Continuously monitor and analyze security alerts from EDR, SIEM and other security tools to detect suspicious activities or potential threats. 

• Incident Response: Conduct investigations and respond to security incidents, executing containment, mitigation, and remediation steps as necessary. 

• Threat Detection: Use expertise to tune detection rules, automate workflows, and improve incident detection accuracy. 

• Log Analysis: Perform in-depth log analysis from firewalls, endpoint protection platforms, and other solutions to investigate complex incidents. 

• Incident Reporting and Documentation: Ensure all incidents are thoroughly documented, including timelines, analysis, mitigation steps, and lessons learned, and deliver regular reports to stakeholders. 

• Global Delivery Role: Act as second line escalation and support to the on-shift SOC Analysts in our 24x7 SOC team. 

• EU Regional Client Focus: Support onboarding and service request activity for our EU MDR clients, in particular EU clients with named SOC points of contact. 

• Threat Hunting: Proactively search for indicators of compromise (IoCs) and advanced threats within the environment, utilizing both automated tools and manual analysis. 

• Threat Intelligence: Stay up to date on the latest cybersecurity threats, vulnerabilities, and attack techniques, and integrate threat intelligence into detection and response efforts. 

Team Development: Provide guidance and mentorship to junior SOC analysts, fostering skill development and ensuring adherence to security best practices. 

Growth of the service 

• Continuous Improvement: Collaborate with the SOC team to develop and implement SOC strategies, improve processes, and introduce new technologies to strengthen our clients’ security posture. 

• Collaboration: Collaborate with SOC analysts, security engineers, and IT teams to ensure seamless operation of security tools and alignment with broader cybersecurity practices. 

• Security Enhancements: Identify areas for improvement in security monitoring and response capabilities, proposing and assisting with implementing new solutions where appropriate. 

• New Clients: Our MDR service is growing quickly; you will be assisting with onboarding and configuring SOC services and technology for new customers. 

• Collaborating with Global Teams: Work closely with other cyber security service lines to ensure seamless integration of SOC operations with our broader cybersecurity initiatives and business units, especially Incident Response. 

• Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives, enhancing our tools, processes, and overall incident response capabilities. 

WHAT WE’RE LOOKING FOR 

Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM.  

That said, if you don’t think you meet all the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest, capabilities and willingness to learn in others. 

We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. 

We’re looking for: 

• Qualifications: A Bachelors or Masters degree in a relevant subject, for example cybersecurity, computer science; relevant industry certifications are advantageous, including any of the following or evidence of working towards attaining these: Blue Team, CISSP, Security+. 

• Experience: 3+ years of experience in a SOC or cybersecurity operations role, with demonstrated team leadership/supervisory experience. 

• Technical Expertise: Strong understanding of EDR and SecOps toolsets - with experience configuring and leveraging these tools for incident detection and response. 

• Leadership: Experienced in mentoring junior SOC analysts, with good communication and team-building skills. 

• Customer Minded: We put our clients at the heart of everything we do, going the extra mile for them will be second nature to you. You should be comfortable in client-facing situations and able to discuss cybersecurity issues in customer-friendly language. 

• Approach: An investigative mindset. You should be comfortable solving problems with limited information and guidance and be curious to learn. 

• Reliability:  Our customers depend on us to manage their security and provide cyber-resilience; you must be dependable. 

• Personal Interest: Demonstrable knowledge of cyber threat actors, and their tactics, techniques, and interest in cybersecurity matters, security monitoring and threat detection techniques. 

• Communication: Clear and concise communication skills, with the ability to work effectively across teams; you should be able to communicate your technical findings for a non-technical audience in a professional setting. Able to vet and quality assure incident reports and summaries. 

The successful candidate must have permission to work in the Netherlands by the start of their employment. 

To apply for this role, please submit an up-to-date CV through this link: Job Application for Senior Cybersecurity Analyst (SOC) at S-RM