Strength. Care. Growth
You will know we are the right place for you if you are driven by:
- Opportunities to learn and build your career.
- Meaningful work in a stable and fast-paced company.
- Diversity of people, projects, and platforms.
- A supportive, fun, and inspiring place to work.
Role Overview:
As a SOC L2 Analyst, you will play a key role in protecting A1 Group by leading advanced security investigations, conducting deep technical analysis, and proactively searching for threats across our environment.
This role focuses on deep-dive incident investigation, threat intelligence enrichment, threat hunting, and digital forensics. The position is regular 8-hour workdays (Monday–Friday) with participation in the on-call rotation.
Role insights:
- Leading and owning in-depth investigations of complex and escalated security incidents.
- Performing advanced analysis of endpoint, identity, network, and cloud telemetry to uncover attacker behavior.
- Correlating data across SIEM, EDR, and threat intelligence sources to identify patterns, attack paths, and root causes.
- Supporting evidence acquisition, forensic triage, and artifact analysis on compromised systems.
- Collaborating with L1 analysts and providing technical guidance, coaching, and mentorship.
- Developing and refining playbooks, detection use cases, and SOC workflows to improve detection and response capabilities.
- Leading and contributing to proactive threat-hunting missions and hypothesis-driven security assessments.
- Working closely with internal stakeholders to drive incident response and strengthen defensive posture.
What makes you unique:
- At least 3 years of hands-on experience in SOC, CSIRT, DFIR, threat hunting, or cyber operations.
- Strong experience with SIEM platforms (Splunk, Microsoft Sentinel) and EDR/XDR tools (Microsoft Defender for Endpoint/Server/Identity).
- Solid understanding of frameworks such as MITRE ATT&CK, NIST, or CIS Controls.
- Ability to take full ownership of investigations and independently drive them to successful closure.
- Experience performing threat hunting, forensic triage, and attacker technique analysis.
- Experience with scripting or automation (PowerShell, Python) is a plus.
- Relevant certifications such as SC-200, CompTIA CySA+, Splunk Certified Power User, BTL1/BTL2, or similar.
- German language skills are a bonus.
Job code: AIT070P210
Job classification: 10 - (Global Level)