Defend (Services)

SOC Analyst

To start as soon as possible, full-time in Berlin





Full time

Working time



The Job

Does that get you up in the morning?

  • Monitor our clients’ computer networks for security issues and implement all phases of the IR lifecycle:
    • Perform alert triage and initial analysis of incoming security events
    • Perform detailed analysis and investigation of already qualified security incidents
    • Create written issue reports with summaries and detailed explanations of the detected anomalies
    • Communicate with customers and assist during issue resolution where required
  • Bring in your expertise for a sustainable improvement of our service quality:
    • Identify, adjust and assemble existing response plans for our customers
    • Derive sensible internal standard analysis procedures for new incident types
    • Closely collaborate internally with colleagues to create new or enhance existing threat intelligence and detection rules
    • Apply advanced analytics to determine emerging threat patterns and attack


What we’re looking for

  • Completed technical education with at least three years of working experience within the SOC or DFIR area
  • Profound knowledge within the following domains:
    • TCP/IP network analysis
    • Prevalent application layer protocols
    • OS log analysis (Linux, Windows, Sysmon)
    • ATT&CK framework
    • Scripting capabilities in at least Bash or Python, preferably also Powershell
    • *nix and Windows Operating Systems
    • NIST Incident Response lifecycle
    • Prevalent enterprise architectures
  • Experience with event analysis in nowadays SIEM systems (preferably Splunk)
  • Very good English (C1 level) and good German (B2 level) language skills – orally and in writing