CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter, and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
We are looking for a SOC Analyst L2 to join our SOC, which monitors, investigates, and resolves security incidents, violations, and suspicious activities. Our global SOC group takes innovative approaches and uses the most cutting-edge technologies.
Your main tasks and accountabilities will be:
* Work closely with SOC L1, L3, and customers, including daily calls, to handle escalations and address True Positive incidents efficiently.
* Perform in-depth analysis of escalated incidents to identify root causes and the kill chain.
* Escalate to L3 or customers if necessary, or guide the L1 team until resolution.
* Handle L2+ escalations and resolve incidents within SLAs.
* Perform remediation steps or initiate actions for resolution.
* Prepare RCA (Root Cause Analysis) for major incidents.
* Identify security gaps, recommend rule fine-tuning, new rules, or solutions for SIEM.
* Suggest new use cases, including logic, thresholds, and queries for SIEM optimization.
* Create/manage playbooks, runbooks, and ad-hoc documentation.
* Provide knowledge transfer, cheat sheets, guides, and advanced hunting techniques to L1 analysts.
* Share expertise across the team to strengthen overall capability.
* Support L1 during incidents and address client concerns.
* Proactively recommend improvements for rule fine-tuning and thresholds.
* Perform and review daily operational tasks related to incident detection, triage, analysis, and response.
* Address security-related concerns and provide solutions to customers directly.
What do we expect from you:
* 3+ years in Cybersecurity/SOC, with at least 2 years in SOC operations.
* Hands-on experience with tools like Splunk, EDR (e.g., SentinelOne), and Microsoft Security products.
* Experience with multiple SIEM tools (Sentinel, QRadar, Splunk) and EDR tools (CrowdStrike, Carbon Black, Cybereason, MS Defender, SentinelOne).
* Proficiency in Linux, including server management and command-line operations.
* Strong knowledge of enterprise IT infrastructure (networks, firewalls, OS, databases, web applications, etc.).
* In-depth understanding of security concepts (cyberattacks, threat vectors, incident management, risk management, etc.).
* Desirable certifications in Ethical Hacking, SIEM tools, or similar.
* Understanding of ISMS principles (e.g., the ISO 27001 framework).
* Proficient in incident detection, response, and management.
* Up-to-date knowledge of cybersecurity trends, risks, and incidents.
* Strong verbal and written communication in English.
* Excellent interpersonal and presentation skills.
* Ability to work with minimal supervision.
* Complete learning programs recommended by managers.
* Suggest and help develop innovative ideas to optimize processes and reduce manual work.
* Actively assist L1 team members when needed.
What do we offer?
* 23 days of Annual Leave plus the 24th and 31st of December as discretionary days.
* Remote work within Spain. The preferred location is Barcelona, since part of the team is based there and you could take part in the team-building activities we organize.
* Normal office hours. No on-call duty.
* Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurance).
* "Retribución Flexible" Program (meals, kindergarten, transport, online English lessons, Health Care Plan, ...)
* Free access to several training platforms
* Professional stability and career plans
* Referral program
* The option to pick between 12 or 14 payments along the year.
* Real work-life balance measures (flexibility, WFH or remote work policy, compacted hours during summertime, ...)
Come join us in creating secure digital ecosystems at a global scale!