Lead Security Operations Centre Analyst (m/f/d) at Thinkproject Holding GmbH
București, Municipiul București, Romania
Full Time


Start Date: Immediate
Expiry Date: 03 Aug, 25
Salary: 0.0
Posted On: 03 May, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Vulnerability, Cyber Security, Forensic Analysis, German, Remediation, Azure
Industry: Information Technology/IT

Description

WHAT YOUR DAY WILL LOOK LIKE

We are seeking a skilled Lead Security Operations Centre (SOC) Analyst to join our team and play a critical role in protecting our organization from cyber threats. You will be responsible for leading the day-to-day operations of our Network Security Operations Centre (NSOC), continuously improving our capabilities in threat detection, security event response, and proactive monitoring. The NSOC is responsible for monitoring, detecting, analysing, and responding to security incidents and events, ensuring the integrity, confidentiality, and availability of our solutions and data. You will ensure our operations align with industry best practices and Thinkproject’s compliance obligations across all platforms.
The Lead SOC Analyst will play a critical role in building and managing our cybersecurity operations. They will be responsible for real-time threat analysis, event investigation, and coordinating a timely and effective response to potential security incidents. Working closely with cross-functional teams, the Lead SOC Analyst will ensure threats are swiftly identified, remediated, and documented. They will also lead and mentor a team of analysts, driving a coordinated, strategic response to both emerging and ongoing threats.
The ideal candidate will have extensive experience working within a Security Operations Centre (SOC) environment. They should possess hands-on expertise in implementing, configuring, and managing logging and monitoring solutions, particularly Security Information and Event Management (SIEM) systems, and be well-versed in tuning detection rules, managing alerts, and leveraging SIEM data for effective incident triage and response.
The candidate should bring leadership and mentoring capabilities, providing oversight and expert guidance to other SOC analysts while promoting a positive culture of continuous improvement.
The role will involve handling both reactive responses to security events of varying criticality and proactive measures to enhance the organization’s security posture. Familiarity with cloud platforms such as Azure and AWS is advantageous.
The SOC Analyst will also be responsible for monitoring the health of Thinkproject’s IT network infrastructure, responding to health-related events using the same high-level structure applied to cybersecurity events.
This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network Engineering, and Operations team.

EDUCATION & EXPERIENCE:

  • A bachelor’s degree in Cyber Security or a related field, or equivalent professional experience
  • Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures
  • Awareness of current and emerging cyber threats affecting SaaS organisations

TECHNICAL SKILLS:

  • Hands-on experience with Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools
  • Proficiency in analysing logs, network traffic, and security events to detect, investigate, and respond to threats
  • Experience managing security issues identified through internal tools and external assessments, ensuring remediation is completed in line with company policies and standards

LANGUAGE SKILLS:

  • Proficiency in German (spoken and written)

Responsibilities

  • Lead the daily operations of the NSOC, ensuring effective monitoring, analysis, and response to security events and threats. Manage shift coverage to ensure the NSOC is staffed during core working hours across Thinkproject’s multiple operating time zones.
  • Investigate and respond to security events and incidents, ensuring timely identification, containment, eradication, and recovery. Coordinate with cross-functional teams as needed, and document and report incidents in accordance with established policies.
  • Conduct forensic analysis of cybersecurity events, ensuring that all documentation meets legal and compliance standards.
  • Conduct regular security checks on key systems to monitor for issues and indications of compromise.
  • Proactively hunt for threats using threat feeds and advanced analysis to understand emerging threats and vulnerabilities. Provide insights and recommendations to mitigate risks.
  • Arrange and oversee frequent penetration tests of our solutions, ensuring they are conducted successfully and without impacting service.
  • Manage the output of security issues from cyber security assessment tools, coordinating with key stakeholders to ensure timely mitigation and remediation of identified issues and threats.
  • Assist in developing and implementing cybersecurity policies, procedures, monitoring and response solutions.
  • Ensure all security operations are conducted in compliance with relevant regulatory requirements, industry standards, and internal policies. Assist in the preparation and maintenance of audit and compliance documentation.
  • Prepare detailed internal and customer-facing reports on security incidents, vulnerabilities, posture and compliance status for management, stakeholders and customers.
  • Develop and implement event response procedures and playbooks.
  • Participate in and develop security assessment exercises to evaluate operational effectiveness.
  • Contribute to the ongoing maturation of the Security Operations Centre by introducing new logging, monitoring, and response solutions to enhance departmental operations and improve cybersecurity coverage.
  • Conduct daily, weekly, and monthly stand-up meetings with internal teams and the wider engineering and operations groups to ensure effective coordination and alignment on current and upcoming deliverables.
  • Assist in the development and management of the NSOC budget, providing input on resource planning, tooling requirements, training needs, and operational costs. Collaborate with leadership to ensure the budget aligns with strategic objectives and supports the ongoing growth and maturity of the SOC function.
  • Mentor and guide SOC analysts, fostering a positive culture of continuous improvement. Coordinate the team to ensure an effective and consistent response to both emerging and ongoing threats.
  • Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organization’s IT network health.