SOC Analyst, Level 2 (Remote)
Categories: Security Operations, Incident Response
Locations: Remote, California, Illinois, Florida, New York, New Jersey, Barcelona, Brussels, London, Paris
Remote | Mid Level | Full Time | Posted 29 days ago
Requirements
- 2–5+ years of SOC, incident response, or security operations experience, or equivalent
- Strong investigative skills across cloud security operations, endpoint security, identity, and network fundamentals
- Proficiency with at least one SIEM and common SOC tools such as Splunk, Elastic, Sentinel, CrowdStrike, Defender, Jira, and ServiceNow
- Ability to write clear incident documentation including timelines, scope, impact, containment actions, and remediations
- Comfortable operating in an on-call or shift environment
What You'll Do
- Investigate complex, multi-signal alerts including identity compromise, cloud control-plane abuse, endpoint persistence, lateral movement, suspicious automation, and data exfiltration
- Perform deep log and telemetry analysis across SIEM, EDR, cloud logs, IAM signals, network telemetry, email security, and SaaS audit trails
- Build and validate hypotheses; produce incident timelines and scope assessments
- Serve as technical incident lead for defined incident types/severities, driving containment and eradication
- Execute and improve response playbooks for scenarios like phishing, credential theft, token/key compromise, suspicious API activity, ransomware, and insider risk
- Coordinate evidence collection and preservation for legal/compliance needs
- Enrich investigations with threat intelligence and map behavior to frameworks like ATT&CK
- Maintain watchlists and detection logic for priority threats
- Tune SIEM correlation rules, EDR policies, and alert thresholds to reduce false positives
- Propose and implement new detections for emerging techniques
- Improve runbooks and automate enrichment steps
- Provide mentorship and guidance to Level 1 analysts
- Manage shift handovers and ensure high-quality case documentation
- Contribute to SOC metrics and continuous improvement efforts
Nice to Have
- Detection engineering experience including correlation rules, Sigma/KQL/SPL, alert pipelines, and SOAR automation
- DFIR fundamentals such as triage acquisition and endpoint artifact analysis
- Container/Kubernetes logging and runtime security exposure
- Practical scripting skills in Python or Bash for analysis and automation
- Exposure to the digital-asset ecosystem and 24/7 trading operations
- Certifications like GCIH, GCIA, GCED, SC-200, AWS Security Specialty, or equivalent
