Job Closed
This listing is no longer active.
SOC Analyst L1/L2 – Cybersecurity
Location
Portugal
Posted
57 days ago
Salary
0
Seniority
Senior
Job Description
SOC Analyst L1/L2 – Cybersecurity
Devoteam
• Stay updated on emerging threats and cybersecurity best practices, continuously improving security operations and procedures • Participate in an off-hours on-call rotation to ensure continuous security coverage • Ensure timely resolution of security cases, operating within defined SLAs • Produce detailed technical incident reports and communicate findings to stakeholders • Conduct front-line investigations of security alerts, ensuring thorough analysis and coordination with partner teams • Assess the scope and impact of security risks and drive mitigation and resolution activities • Monitor security investigations, perform analysis, and apply remedial or protective actions • Proactively hunt for suspicious or malicious activity using threat intelligence and advanced analytics • Act as an escalation point for associate analysts, guiding complex cases • Participate in the global incident response team during major incidents and contribute to post-incident reviews
Job Requirements
- Proven experience in Security Operations as a Tier 1/2 analyst, with end-to-end investigation experience
- Strong commitment to continuous learning and awareness of cybersecurity trends and emerging threats
- Ability to work on-call and manage time effectively in high-pressure environments
- Experience working within SLA-driven frameworks and producing high-quality technical documentation
- Intermediate knowledge of security frameworks such as NIST CSF, MITRE ATT&CK, and OWASP
- Technical proficiency in risk assessment and mitigation in complex environments
- Hands-on experience with EDR solutions, SASE providers, and Identity Protection controls
- Intermediate knowledge of the AWS Security Stack
- Familiarity with Detection-as-Code methodologies and their principles
- Experience as a senior team member or escalation point supporting junior analysts
- Experience in incident response teams, particularly in large-scale incident management
- Full professional proficiency in English and Portuguese
- Certifications such as CompTIA Security+, GCIH, GCDA, or AWS Certified Security – Specialty (Nice to have)
- Experience with password management security or high-sensitivity identity data environments (Nice to have)
- Experience in a fully remote, global SOC environment (Nice to have)
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
Related Guides
Related Categories
Related Job Pages
More Security Operations Jobs
Security Operations Engineer
Interval GroupHigh quality consulting. On demand. Delivered by top professionals.
• Design and build SecOps tools, including SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines, and user behavior analytics • Develop architecture patterns and solution designs for the security tool ecosystem • Evaluate and integrate new tools and platforms to improve detection, response, and automation capabilities • Build and maintain scalable data ingestion, correlation, and alerting workflows for advanced detection and response • Coordinate with operations engineers to jointly maintain SecOps workflows and ensure platform reliability • Develop automation scripts, playbooks, and workflows in SOAR tools to improve response efficiency and reduce analyst workload • Design and build an internal SecOps product to deliver detection and response capabilities for vulnerabilities, threats, and security incidents • Integrate with the internal observability product and broader corporate SOC functions • Provide technical leadership during incidents, including tool behavior, data quality, and technical issues • Develop, test, and operationalize detection capabilities based on evolving threats and platform telemetry • Create and maintain detection-as-code artifacts such as Sigma rules, YARA, KQL queries, and static analysis rules • Validate detection quality through adversary simulation, purple teaming, or continuous tuning
• Monitor, detect, and respond to security incidents across the organization; • Analyze and correlate security events, alerts, and logs; • Investigate security incidents and recommend remediation actions or workarounds; • Research and assess emerging cyber security threats and mitigation strategies; • Conduct vulnerability assessments and analyze vulnerability reports; • Validate potential findings and support remediation activities; • Contribute to the continuous improvement of SOC monitoring and response processes; • Collaborate with technical teams to implement security best practices; • Produce technical documentation and incident reports.
Senior Security Engineer – Security Operations
CheckatradeOur mission is to be the trusted foundation of every home.
• Design and implement scalable security controls and platform-level guardrails across our multi-cloud estate: build it once, make it the default everywhere. • Drive a modern secure SDLC by embedding threat modelling, SAST/DAST/SCA, secrets management, and dependency hygiene directly into the developer workflow, not bolted on as an afterthought. • Prototype and deploy AI agents that review code, triage findings, and turn vulnerability noise into actionable signals, becoming the assistant every developer wishes they had. • Own the security of our IaC, CI/CD pipelines, and cloud platforms, making least privilege the default rather than a project. • Partner with engineering to deliver paved paths, libraries, and tooling that make the secure way the easy way. • Run technical security reviews for new applications and infrastructure changes, finding the issues that matter with the evidence to back it up.
Director, Security Operations – Infrastructure
PhreesiaPhreesia empowers patients to take an active role in their health and achieve better outcomes.
• Own enterprise-wide security incident response —ensure the team can detect, triage, contain, eradicate, and recover from incidents across cloud, on-prem, SaaS, and endpoint environments with speed and precision. • Maintain and continuously improve the incident response plan, playbooks, escalation procedures, and communication templates, ensuring they are tested, current, and aligned to NIST CSF 2.0. • Serve as incident commander or executive sponsor for high-severity incidents; make real-time decisions on containment and remediation under pressure. • Coordinate threat response across US and India teams, ensuring consistent coverage, quality, and process regardless of geography. • Own the security and IT tooling portfolio across the company: endpoint management (MDM, EDR), identity infrastructure, SIEM/SOAR, network security, vulnerability scanning, email security, cloud security posture management, and related platforms. • Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture.



