Strength. Care. Growth
You’ll know A1 Bulgaria is the right place for you if you are driven by:
- Opportunities to learn and build your career;
- Meaningful work in a stable and fast-paced company;
- Diversity of people, projects, and platforms;
- A supportive, fun, and inspiring place to work.
As a SOC L2 Analyst, you will play a key role in protecting A1 Group by leading advanced security investigations, conducting deep technical analysis, and proactively searching for threats across our environment.
This role focuses on deep-dive incident investigation, threat intelligence enrichment, threat hunting, and digital forensics. The position is regular 8-hour workdays (Monday–Friday) with participation in the on-call rotation.
Your daily routine would include:
- Leading and owning in-depth investigations of complex and escalated security incidents.
- Performing advanced analysis of endpoint, identity, network, and cloud telemetry to uncover attacker behavior.
- Correlating data across SIEM, EDR, and threat intelligence sources to identify patterns, attack paths, and root causes.
- Supporting evidence acquisition, forensic triage, and artifact analysis on compromised systems.
- Collaborating with L1 analysts and providing technical guidance, coaching, and mentorship.
- Developing and refining playbooks, detection use cases, and SOC workflows to improve detection and response capabilities.
- Leading and contributing to proactive threat-hunting missions and hypothesis-driven security assessments.
- Working closely with internal stakeholders to drive incident response and strengthen defensive posture.
We’ll know you can make it if you have:
- Minimum 3+ years of hands-on experience in SOC, CSIRT, DFIR, threat hunting, or cyber operations.
- Strong experience with SIEM platforms (Splunk, Microsoft Sentinel) and EDR/XDR tools (Microsoft Defender for Endpoint/Server/Identity).
- Solid understanding of frameworks such as MITRE ATT&CK, NIST, or CIS Controls.
- Ability to take full ownership of investigations and independently drive them to successful closure.
- Experience performing threat hunting, forensic triage, and attacker technique analysis.
- Experience with scripting or automation (PowerShell, Python) is a plus.
- Relevant certifications such as SC-200, CompTIA CySA+, Splunk Certified Power User, BTL1/BTL2, or similar.
- German language skills are a bonus.
Apply now!
Every internal candidate will be invited for an interview.
Every colleague who has changed their position in the company will receive an individual bonus of 1000 euro for an educational course of their choice.
Refer a friend for this position and get a bonus of 250 euro under the Employee referral program!