Company hidden
3 hours ago

SOC Analyst (Level 2)

Work format
remote (USA only)
Employment type
fulltime
Level
middle/senior
English
b2
Country
France, UK, US, Poland, Spain, Ireland, Portugal, Netherlands, Germany, Belgium
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

SOC Analyst (Level 2): Taking ownership of complex, high-severity security incidents and leading technical triage through containment, coordinating with various engineering teams. Focus on enhancing SOC quality by tuning detections, refining playbooks, mentoring junior analysts, and driving post-incident improvements into better controls.

Location: Remote, US (California, Illinois, Florida, New York, New Jersey) and Europe (Barcelona, Brussels, London, Paris, Warsaw, Madrid, Milan, Amsterdam, Berlin, Lisbon, Dublin)

Company

hirify.global is a leading market maker and innovator in the digital asset space, expanding its services to become a full-service financial institution.

What you will do

  • Lead advanced investigations for complex, multi-signal alerts across various systems (SIEM, EDR, cloud logs, IAM, network, email, SaaS).
  • Serve as technical incident lead, driving containment and eradication, and executing/improving response playbooks for key scenarios.
  • Enrich investigations with threat intelligence (IOCs, TTPs) and map observed behavior to frameworks like ATT&CK.
  • Tune SIEM correlation rules, EDR policies, and alert thresholds to improve detection engineering and signal quality.
  • Propose and implement new detections for emerging techniques (identity/cloud abuse, OAuth/app consent attacks, API key leakage, CI/CD pipeline tampering).
  • Mentor L1 analysts, manage shift handovers, and contribute to SOC metrics and continuous improvement efforts.

Requirements

  • 2–5+ years of SOC, incident response, or security operations experience.
  • Strong ability to investigate across cloud security operations, endpoint security, identity, and core network fundamentals.
  • Proficiency with at least one SIEM (e.g., Splunk/Elastic/Sentinel) and common SOC tooling (e.g., CrowdStrike/Defender; Jira/ServiceNow).
  • Ability to write clear incident documentation including timelines, scope, impact, containment actions, and recommended remediations.
  • Comfort operating in an on-call or shift environment, depending on coverage model.

Nice to have

  • Detection engineering experience with correlation rules, Sigma/KQL/SPL, alert pipelines, and SOAR automation.
  • DFIR fundamentals, including triage acquisition, volatile vs. non-volatile evidence, and endpoint artifact analysis.
  • Container/Kubernetes logging and runtime security exposure.
  • Practical scripting skills (Python/Bash) for analysis and automation.
  • Digital-asset ecosystem exposure and familiarity with 24/7 trading operations.

Culture & Benefits

  • Work with a diverse, international team from 42 nationalities.
  • Join a predominantly remote team with hubs in London, Brussels, Singapore, and Paris.
  • Participate in regular online and offline hangouts to foster team cohesion.
  • Contribute to pioneering the adoption of the Rust programming language for algorithmic trading systems.
  • Support the growth of Web3 startups through an Accelerator Program.
  • Push industry progress with research and governance initiatives in the digital asset space.

Be careful: if an employer asks you to sign in to their system using iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support. Read more in the guide →

The job description text is reproduced unchanged.