Remote•California•London•Illinois•Florida•New Jersey•New York•Vienna •Brussels•Paris
Remote
Entry Level
Full Time
29 days ago
SOC AnalystLevel 1securitymonitoringremotecloud security
Requirements
- •0–2 years in a SOC / security monitoring / IT operations role (or equivalent hands-on experience, internships, labs)
- •Practical knowledge of security fundamentals: networking, DNS, HTTP(S), identity/authentication, and malware basics
- •Familiarity with log investigation and event triage concepts
- •Familiarity with common security tools and workflows (any of the following): SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing (Jira/ServiceNow), basic SOAR concepts
- •Strong written communication: produce clear, escalation-ready tickets and timelines
- •Ability to work rotating shifts/on-call (as required), including weekends/holidays depending on coverage model
What You'll Do
- •24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; identify false positives vs. credible threats and set appropriate severity
- •Initial investigation and enrichment: gather relevant logs/telemetry, add context, and document findings clearly in the case/ticketing system
- •Escalation and coordination: escalate confirmed/suspected incidents quickly and cleanly to L2/IR with a complete handoff (timeline, scope, IOCs, actions taken)
- •Runbook execution: follow SOPs for common events (phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, data exfiltration signals), including containment actions you’re authorized to perform
- •Threat-aware analysis: map alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to improve understanding and escalation quality
- •Operational hygiene: maintain accurate shift handovers, update watchlists and investigation notes, and identify recurring alert patterns for tuning recommendations
Nice to Have
- •Cloud security exposure (AWS/GCP/Azure): CloudTrail/Activity Logs, IAM analysis, detections for token/key misuse
- •Familiarity with incident response frameworks/processes (e.g., NIST incident response guidance)
- •Exposure to detection engineering concepts (rule tuning, false-positive reduction), or basic scripting (Python/Bash) for investigation automation
- •Knowledge of the digital-asset ecosystem (exchanges, custody concepts, operational risk in 24/7 trading environments)
- •Certifications (optional): Security+, Blue Team Level 1, SSCP, or equivalent practical training
Benefits
- •Work in a fast-moving, globally distributed environment shaping the future of digital financial markets
- •A culture that expects ownership, learning, and continuous improvement
About Keyrock
Keyrock develops scalable, transparent proprietary algorithmic technologies to increase the liquidity of financial assets.
Belgium
100 - 250
Finance