Since 2011, SQUAD Group has been a key player in the cybersecurity landscape. We partner with leading organizations to protect their information systems through a comprehensive 360° offering of consulting, integration, expertise, and managed services.
Our mission: Securing Together!
We believe in a collaborative approach to cybersecurity, where experts and clients work hand-in-hand to anticipate threats and protect critical infrastructure.
As part of our growing team, we're seeking a SOC Analyst to join a top-tier Incident Response team, defending the digital assets of a company that connects hundreds of millions of people every month. The position is fully remote within Spain.
Your Role
You are a hands-on incident responder. From the moment an alert fires to final resolution, you investigate, contain, and document security incidents with rigor and autonomy. Phishing and email-based attacks make up a significant share of the workload, so a sharp eye for email analysis is essential.
Your Responsibilities
* Investigate and respond to security incidents across their entire lifecycle, from detection and triage through containment, root cause analysis, and closure.
* Analyze suspicious emails and phishing campaigns, leveraging header analysis and authentication standards (SPF, DKIM, DMARC).
* Respond to a variety of alert types, including malicious URLs and compromised domains.
* Apply and contribute to incident response playbooks, bringing analytical judgment to every investigation.
* Build and run XQL queries in the Palo Alto Cortex platform to support and accelerate investigations.
* Produce clear, structured incident documentation and escalate appropriately.
What You Bring
* 1–3 years of hands-on SOC experience with strong operational fundamentals.
* A solid grasp of incident triage and investigation methodology — you understand why an alert fired, not just how to close it.
* Practical experience analyzing phishing and email-borne threats.
* Familiarity with Palo Alto Cortex (XSIAM/XDR) and XQL is a strong asset;
Microsoft Sentinel/KQL experience is also welcome.
* A rigorous, transparent approach to investigation — you verify before concluding.
* Genuine motivation to build a career in Incident Response.
Preferred Certifications: BTL1/BTL2, GIAC GCIH, Palo Alto Networks Cortex XDR/XSIAM certifications, Microsoft SC-200
Why Join Squad?
* Personalized Growth: We help you build a training and certification plan aligned with your professional goals through our SquadeXpérience.
* Expertise Development: Participate in internal events like our MixYourTalent webinars and monthly CTF sessions.
* Visibility: Attend major industry conferences and contribute to our #TheExpert technical blog.
* Culture: Enjoy a dynamic and close-knit environment with after-work events and team gatherings that foster great camaraderie.