Senior SOC Analyst

Do you want to join us on an ambitious mission to secure the digital world?

Keepit is looking for a Senior SOC Analyst (SOC L3 Analyst) to join our Security Operation Center in Krakow, Poland. 

We are growing fast as a company and do our best to bring our SaaS cloud-based backup services to the global audience.

Our platform is designed to provide customers with an immutable historical archive of their primary data in systems such as Microsoft 365, Google Workspace, Salesforce, Azure AD/Entra ID, Dynamics 365, and Zendesk. It aims to protect them against everything, starting from ransomware to simple accidents.

Most of our back-end components are written in clean, modern C++ using mainly purpose-built components and STL. Several components that deal with business processes and data mining are built using Common Lisp. Everything runs on Linux.

Backing up billions of objects over foreign APIs using imperfect networks on systems with finite memory and making it all happen in as little time as possible is no small feat.

We are a product-centred company and cyber security is one of our main priorities.

If you think solving complex problems is fun, we have strong indications that we will not run out of challenging problems any time soon. Come join us for the fun!

Primary Responsibilities:

• Act as a senior incident responder for escalated security incidents
• Develop and optimize SIEM rules, fine-tuning alerts to reduce false positives
• Create and maintain playbooks for incident handling and ensure knowledge transfer to manager analysts
• Working on connecting new log sources, log optimization, and parsing.
• Perform threat hunting, root cause analysis, and forensics
• Provide mentorship and training to L1 analysts to enhance SOC capabilities.
• Lead incident response efforts and coordinate across IT, security, and management teams
• Act as a spare SOC engineer

Skills and Qualifications:

• 4+ years of experience in SOC environments or equivalent
• Obligatory expertise in SIEM solutions (MS Sentinel, Elastic SIEM, Wazuh) with demonstrated ability to create, optimize, and manage rules
• Hands-on experience with malware analysis, reverse engineering, and forensics.
• Advanced knowledge of incident response frameworks (NIST, SANS) and tools (e.g., EDR, IDS, IPS, centralized antivirus etc)
• Strong knowledge of security standards (ISO 27001, NIST) and ability to map them to incident handling procedures
• Leadership and mentorship skills, with a proven track record of training and upskilling junior analysts
• Relevant certifications: CSA, CISSP, GIAC, OSCP, CEH, or equivalent will be an advantage

A fair and transparent recruitment process 

During the recruitment process, you can expect the following stages:

CV screening, Recruitment interview, Recruitment feedback review, Technical interview, Technical task (optionally), and Final interview.

You will be assessed according to the criteria below:  

Technical Skills:

• Incident Response: Proficient in investigating, analyzing, and mitigating complex security incidents.
• Threat Hunting: Hands-on experience with proactive threat-hunting methodologies and tools.
• Forensic Analysis: Skills in endpoint, network, and memory forensic investigations.
• Malware Analysis: Capable of conducting static and dynamic malware analysis.
• SIEM Mastery: In-depth knowledge of SIEM platforms (e.g., MS Sentinel, Elastic, Wazuh, including rule creation, query optimization, and reporting.
• Automation: Familiarity with SOAR platforms and scripting (Python, Bash, PowerShell) for automating routine tasks.
• Cloud Security: Understanding of securing cloud environments (Azure) and detecting cloud-based threats.
• Threat Intelligence: Ability to operationalize threat intelligence and correlate indicators with incidents.

Soft Skills:

• Analytical and Problem-Solving Skills: A systematic approach to identifying and resolving complex issues.
• Leadership: Ability to mentor junior team members and provide technical guidance.
• Teamwork and Collaboration: Proven ability to work effectively in cross-functional teams.
• Communication Skills: Capability to communicate technical details clearly to non-technical stakeholders.

Language: 

• English is a preferred language, and we expect you to be fluent in it, both written and spoken.

Logical Thinking:

• Structured Problem Solving: Ability to break down complex security issues into actionable steps.
• Decision-Making Skills: Making informed and reasoned decisions under pressure.
• Pattern Recognition: Identifying unusual patterns and behaviours in data or systems.
• Scenario-Based Thinking: Proficiency in simulating and analyzing hypothetical threat scenarios.

If you have any questions about the job or the recruitment process, please feel free to reach out to Olha Hotra at oho@keepit. 

We offer: 

• Official employment – Umowa o pracę contract
• 4 additional working days of vacation leave per full calendar year
• 3 days of internal sick leave without a doctor`s note
• Health and Life Insurance
• Employee Capital Plan (PPK)
• Multisport card compensation
• Coverage of professional training sessions, meetups, etc.
• English-speaking club with native speakers
• Polish language classes
• Internet and Glasses reimbursement
• Cosy office in Krakow city centre (Długa, 72) with beverages, fruit, and cookies
• Winter and summer parties, events, team-buildings

We kindly ask you not to provide us with any sensitive categories of personal data when applying for a job with us. When applying for the vacancy, Keepit will process your personal data, and therefore we recommend that you also read our privacy policy, which describes our processing of personal data and your rights as a data subject.