Cyber Defence ·​​ Global Security Operations Centre (GSOC) Level 2 Analyst

Cyber Defence ·​​ Global Security Operations Centre (GSOC) Level 2 Analyst

📍 Warszawa / hybrid​

📄 Contract of employment (Full-time)

🆔​ ​PL256601​

As part of the Cyber Defence team in the Global Security Operations Centre, you will provide security monitoring, triage, and investigation of potential incidents, and help to constantly improve the ways that the team works so that we can keep up with the latest threats against our business.

Fast and effective identification and triage of potential incidents is essential for us to protect our critical data and assets, and you will be at the forefront of this exciting area of Cyber Security, protecting the business and our interests daily.

Twój zakres obowiązków:

▪ ​Investigate alerts, security incidents and seeking out potential security issues through log analysis, and use of tools such as SIEM, UEBA, EDR, etc.

▪ Ensure that there is a timely response to any cyber incidents to minimise the impact to the business, including interacting with different technical teams and business areas where needed.

▪ Primary escalation point for complex incidents to conduct investigation, and initiate containment actions required.

▪ Escalate high priority or high severity alerts/incidents to escalations team according to the prescribed process.

▪ Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope, and nature of incidents.

▪ Escalation point to provide process and/or technical advice for Level 1 analysts.

▪ Manages shift workload to make sure they are assigned and handled according to KPI targets.

▪ Prepare and send the end of shift report to Leadership team.

▪ Document, attend and lead the handover call to ensure updates, unassigned tickets, tasks, and incident investigation that needs to be continued by next shift will be communicated.

▪ Perform quality audit for tickets that were handled by Level 1s to ensure incidents were handled according to prescribed processes.

▪ Recommend alert/s for tuning to minimize false positives and improve the businesses’ security posture against attackers and threats.

▪ Regularly contribute to the SOC playbooks and knowledgebase with findings from investigations such as different attacker tools, tactics, and procedures which can be applied to future investigations.

▪ Help deliver training to mature skills of new joiners or colleagues.

Nasze wymagania:

▪ You will be working as part of a 24/7 SOC across different locations and therefore you must be a true team player, with the ability and desire to engage with different internal stakeholders and colleagues to deliver the very highest standards of service and support.

▪ 4 - 7 Years’ Experience working as part of a mature cyber defence centre or security operations centre.

▪ To be effective, you need to have great troubleshooting skills, the ability to research problems and the ability to effectively communicate during stressful times, while keeping a cool, calm, and friendly approach when dealing with stakeholders and colleagues.

▪ Solid time management skills and be dependable.

▪ Hands on experience of using a SIEM, UEBA, and EDR as a Level 2 security analyst.

▪ Leading Investigations and comfortable talking to stakeholders and colleagues on both a technical and non-technical level.

▪ Great verbal and written communication skills, and the ability to write reports in a structured methodology.

▪ BSc/MSc in a security field or equivalent experience working within a security related function.

▪ To be inquisitive, with a strong sense of personal responsibility for learning and self-development.

▪ Being able to identify common attack techniques within the context of specific technologies.

▪ Working knowledge of networking protocols/technologies (e.g. TCP, IP, HTTP/HTTPS).

▪ Working knowledge of Unix, Linux, and Windows operating systems.

▪ Any relevant security certifications (SSCP, OCSP, Security+, CySA+, etc.).

▪ Any relevant network certifications (Network +, CCNA, etc.).

▪ Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection).

▪ Exposure to attack and penetration methods and tools.

▪ Working knowledge of scripts, tools, or methodologies to enhance our incident investigation and processes (such as Python, PowerShell, etc.).

▪ Some travel between offices may be required, including international travel.

To oferujemy:

▪​ You can work remotely or from the office – choose the model that best supports your comfort and efficiency. A flexible working model is our standard, not an exception.

▪​ Stability and security – an employment contract with a global organization that has a strong market position and a modern approach to business.

▪​ Clear and competitive salary – tailored to your experience and engagement. We value the real impact you bring.

▪​ Opportunities for growth – we support obtaining a brokerage license, offer training, and create space for professional development.

▪​ A positive work environment – a supportive team, well-defined processes, and a culture based on mutual respect.

▪​ Holiday vouchers – we support your rest and travel plans.

▪​ Emergency financial support – we’re here when life brings the unexpected.

▪​ Holiday gift packages – we celebrate together.

Benefity:

• Prywatna opieka medyczna

• Kafeteria benefitów & Multisport

• Employee Assistance Program

• Ubezpieczenie na życie

• Hybrydowy model pracy

• Volunteer Day

• Dofinansowanie do okularów

• Dofinansowanie nauki języków

• Możliwości uzyskania uprawnień

• Recognition HUB

• Świadczenia socjalne ZFŚS

• PPE

Join Us!

Be part of a team that values innovation, excellence, and collaboration. At WTW, your career is more than just a job—it’s a journey. Apply now and turn your potential into success with WTW!