I’m partnered with a leading FinTech firm operating a high-performance, security-first trading environment that’s looking to hire a SOC Engineer (L2) to strengthen its internal security team.
This role sits as the second-line escalation point. The first line is outsourced, so you’ll focus on the most complex incidents across the estate while also supporting the engineering and improvement of detection capabilities.
What You’ll Be Doing
- Own alert triage across EDR, SIEM, and SaaS/identity sources (CrowdStrike, SentinelOne, Elastic, Splunk, Okta, Google Workspace, GitHub, Slack, Atlassian).
- Build and tune detections for SaaS/identity risks such as OAuth abuse, MFA anomalies, and privilege changes.
- Investigate endpoints on macOS/Linux, perform host-based analysis, and execute live response actions.
- Translate TTPs into durable, low-noise detections and refine thresholds to improve precision and recall.
- Support insider-threat investigations by correlating endpoint, SaaS, and network telemetry.
- Conduct proactive hunts mapped to MITRE ATT&CK and test detections through emulations.
- Maintain playbooks, dashboards, and case documentation to enhance SOC performance and response times.
- Participate in on-call rotation for escalations within agreed windows.
What I’m Looking For
- 3+ years’ experience in a SOC or Blue Team role.
- Strong investigation experience across macOS and Linux environments.
- Proficiency with EDR/SIEM tools (CrowdStrike, SentinelOne, Splunk, Elastic).
- Strong understanding of SaaS/identity telemetry and detection logic.
- Ability to author and tune detections mapped to MITRE ATT&CK.
- Basic scripting in Python or Bash for log parsing and automation.
Nice to Have
- Experience with osquery, YARA, FQL, or SentinelOne Deep Visibility.
- Exposure to AWS, GCP, or Azure cloud detections.
- Familiarity with Elastic ECS or Splunk CIM data pipelines.
- Experience tracking SOC metrics and building performance dashboards.
Package
- This is a talent-led search, as my client wants to hire the best of the best. I’m confident I will be able to exceed your current compensation.
- Hybrid: Amsterdam based (2 days per week)
If you’re a hands-on SOC Engineer with a Linux/macOS focus and a passion for refining detections in a low-noise, high-impact setting, I’d love to speak with you.