Security Operations Centre Analyst (f/m/d)

2 - 5 years

4 - 7 Lacs

Work Mode

Work from Office

Job Type

Full Time

Job Description

Security Operations Centre Analyst (f/m/d) at Thinkproject

Introducing Thinkproject Platform

Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies. By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.
What your day will look like
We are looking for a skilled Security Operations Analyst to join our team and help protect Thinkproject from evolving cyber threats. In this role, you will be responsible for monitoring, detecting, investigating, and responding to security events across our environments including endpoints, networks, cloud platforms, and applications. You will play a key role in managing security tools such as SIEM, EDR, threat intelligence feeds, and vulnerability scanners to support effective incident detection and response.
The Security Operations Analyst will work closely with cross-functional teams including IT, DevOps, and incident response to ensure swift and coordinated resolution of security incidents. You will also participate in proactive threat hunting, analysing threat feeds to identify potential risks relevant to our environment. Maintaining accurate documentation and knowledge sharing will be essential to the role, alongside contributing to continuous improvement of our SOC processes and capabilities.
The ideal candidate will have experience working within a Security Operations Centre (SOC) environment. They should possess hands-on expertise in managing logging and monitoring solutions, particularly Security Information and Event Management (SIEM) systems. The candidate should be well-versed in tuning detection rules, managing alerts, and leveraging SIEM data for effective incident triage and response. Additionally, experience implementing automation to enhance response times and reduce operational overhead through streamlined workflows and playbooks is highly desirable.
The role will involve handling both reactive responses to security events of varying criticality and proactive measures to enhance the organization's security posture. Familiarity with cloud platforms such as Azure and AWS is advantageous.
This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network and Security Engineering Teams.
Main responsibilities:
  • Respond competently to security events and alerts from SIEM, EDR, and other security tools across endpoints, infrastructure, cloud environments, and applications.
  • Conduct threat hunting activities focused on analysing threat intelligence feeds to detect emerging threats and potential attack vectors.
  • Analyse logs and security data to support incident detection, investigation, and root cause analysis.
  • Independently manage cybersecurity incidents from identification through to resolution, coordinating with relevant stakeholders as needed.
  • Operate, configure, and tune SIEM platforms and security tools, contributing to improved detection accuracy and reduced false positives.
  • Develop, maintain, and execute incident response playbooks and automation solutions to streamline response efforts.
  • Handle multiple investigations and routine SOC tasks simultaneously, prioritizing workload effectively.
  • Perform forensic analysis during incident investigations, including evidence collection and documentation.
  • Collaborate with IT, DevOps, and other teams to ensure timely incident containment and remediation; escalate complex issues when necessary.
  • Manage outputs from cybersecurity assessment tools, coordinating with teams to ensure mitigation of identified vulnerabilities and risks.
  • Participate in security exercises and testing to identify gaps in coverage and detection capabilities.
  • Contribute to the ongoing maturation of the Security Operations Centre by introducing new logging, monitoring, and response solutions to enhance departmental operations and improve cybersecurity coverage.
  • Maintain clear and detailed documentation of investigations, alerts, and incidents to support knowledge transfer and reporting.
  • Proactively pursue professional development opportunities to stay current with evolving threats and security technologies.
  • Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organization's IT network health.
  • Provide Security Operations Centre coverage on a rota basis, ensuring support is maintained in line with the organization's commitments.
What you need to fulfill the role
Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences
The ability to communicate difficult or sensitive information tactfully
A bachelor's degree in Cyber Security or a related field, or equivalent professional experience
Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures
Awareness of current and emerging cyber threats affecting SaaS organisations
Technical Skills:
Hands-on experience with Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools
Experience managing security issues identified through internal tools and external assessments, ensuring remediation is completed in line with company policies and standards
Experience in tuning detection rules and alerts to improve accuracy and reduce false positives in security monitoring.
Experience in incident response and investigation, including forensic evidence handling and root cause analysis
Experience managing business-as-usual (BAU) security operations workload alongside project-based work, both independently and in coordination with other team members
Experience managing outputs from cybersecurity assessment tools, coordinating timely mitigation and remediation with key stakeholders.
The ability to work effectively in a team environment, collaborating with cross-functional teams to achieve shared objectives
Strong time management and prioritisation skills, with the ability to manage your own workload
The ability to perform effectively under pressure, prioritise tasks, and make sound decisions in high-stress or emergency situations
A proactive mindset with the ability to critically evaluate your own work, identify improvement opportunities, and automate, simplify, or standardise processes where appropriate

It Would Be Good to Have:

Language Skills:
Proficiency in German (spoken and written)
Hands-on experience with implementation of Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools
Experience integrating custom-built applications into SIEM platforms.
Experience with Security Orchestration, Automation, and Response (SOAR) platforms to develop, test, and execute automated response playbooks, enhancing SOC efficiency and speeding incident response.
Experience with threat hunting focused on application code, application and infrastructure architecture, leveraging strong programming skills and a solid understanding of the software development lifecycle (SDLC) and infrastructure components
Experience coordinating outsourced penetration tests, ensuring smooth execution without service disruption.
Experience implementing automation and playbooks to enhance response efficiency and reduce operational overhead.
Experience with security assessment exercises to evaluate SOC operational effectiveness and the organization's ability to respond to Cyber Security incidents.
Technical Expertise:
Experience with Azure, Azure AD, and AWS technologies and services
Experience conducting forensic analysis of cybersecurity incidents
Experience working within a software services organization
What we offer

Lunch 'n' Learn Sessions | Women's Network | LGBTQIA+ Network | Coffee Chat Roulette | Free English Lessons | Thinkproject Academy | Social Events | Volunteering Activities | Open Forum with Leadership Team (Tp Café) | Hybrid working | Unlimited learning

We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business.
Please submit your application, including salary expectations and potential date of entry, by submitting the form on the next page.