Keyrock is hiring a SOC Analyst (Level 1) to serve as the critical first line of defense in our cloud-first, high-availability digital asset trading environment. You will be responsible for the continuous monitoring, triage, and escalation of security alerts, ensuring threats are identified and acted upon swiftly.
What You'll Do
- Conduct 24/7 monitoring and alert triage across our SIEM, EDR, and cloud security tooling, distinguishing false positives from credible threats.
- Perform initial investigation and enrichment by gathering relevant logs, adding context, and documenting findings clearly in the ticketing system.
- Escalate confirmed or suspected incidents quickly to Level 2/Incident Response with a complete handoff including timeline, scope, IOCs, and actions taken.
- Execute runbooks and SOPs for common events like phishing, suspicious logins, endpoint detections, and malware alerts, including authorized containment actions.
- Map alerts to adversary behaviors using MITRE ATT&CK techniques to improve understanding and escalation quality.
- Maintain operational hygiene with accurate shift handovers, updated watchlists, and identification of recurring alert patterns for tuning recommendations.
What We're Looking For
- 0–2 years of experience in a SOC, security monitoring, or IT operations role, including relevant internships or hands-on labs.
- Practical knowledge of security fundamentals: networking, DNS, HTTP(S), identity/authentication, and malware basics.
- Familiarity with log investigation and event triage concepts.
- Experience with common security tools and workflows, such as a SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing (Jira/ServiceNow), or basic SOAR concepts.
- Strong written communication skills to produce clear, escalation-ready tickets and timelines.
- Ability to work rotating shifts and on-call schedules, including weekends and holidays as required by the coverage model.
Nice to Have
- Exposure to cloud security in AWS, GCP, or Azure, including CloudTrail/Activity Logs, IAM analysis, and detections for token/key misuse.
- Familiarity with incident response frameworks, such as NIST's incident response guidance.
- Exposure to detection engineering concepts (rule tuning, false-positive reduction) or basic scripting in Python or Bash for investigation automation.
- Knowledge of the digital-asset ecosystem, including exchanges, custody concepts, and operational risk in 24/7 trading environments.
- Relevant certifications such as Security+, Blue Team Level 1, or SSCP.
Technical Stack
- SIEM: Splunk, Elastic, Sentinel
- EDR: CrowdStrike, Defender
- Ticketing: Jira, ServiceNow
- Cloud Security: AWS, GCP, Azure
- Scripting: Python, Bash
Team & Environment
You will join a fast-moving, globally distributed team shaping the future of digital financial markets. Our culture expects ownership, continuous learning, and a drive for improvement.
Work Mode
This is a global role with team locations in London, Brussels, Singapore, and Paris.
Keyrock is an equal opportunity employer.