Security Operations Centre Analyst (f / m / d)

Introducing Thinkproject Platform

Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies.

By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.

What your day will look like

We are looking for a skilled Security Operations Analyst to join our team and help protect Thinkproject from evolving cyber threats. In this role, you will be responsible for monitoring, detecting, investigating, and responding to security events across our environments including endpoints, networks, cloud platforms, and applications. You will play a key role in managing security tools such as SIEM, EDR, threat intelligence feeds, and vulnerability scanners to support effective incident detection and response.

The Security Operations Analyst will work closely with cross-functional teams including IT, DevOps, and incident response to ensure swift and coordinated resolution of security incidents. You will also participate in proactive threat hunting, analysing threat feeds to identify potential risks relevant to our environment. Maintaining accurate documentation and knowledge sharing will be essential to the role, alongside contributing to continuous improvement of our SOC processes and capabilities.

The ideal candidate will have experience working within a Security Operations Centre (SOC) environment. They should possess hands-on expertise in managing logging and monitoring solutions, particularly Security Information and Event Management (SIEM) systems. The candidate should be well-versed in tuning detection rules, managing alerts, and leveraging SIEM data for effective incident triage and response. Additionally, experience implementing automation to enhance response times and reduce operational overhead through streamlined workflows and playbooks is highly desirable.

The role will involve handling both reactive responses to security events of varying criticality and proactive measures to enhance the organization’s security posture. Familiarity with cloud platforms such as Azure and AWS is advantageous.

This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network and Security Engineering Teams.

Main responsibilities :

• Respond competently to security events and alerts from SIEM, EDR, and other security tools across endpoints, infrastructure, cloud environments, and applications.
• Conduct threat hunting activities focused on analysing threat intelligence feeds to detect emerging threats and potential attack vectors.
• Analyse logs and security data to support incident detection, investigation, and root cause analysis.
• Independently manage cybersecurity incidents from identification through to resolution, coordinating with relevant stakeholders as needed.
• Operate, configure, and tune SIEM platforms and security tools, contributing to improved detection accuracy and reduced false positives.
• Develop, maintain, and execute incident response playbooks and automation solutions to streamline response efforts.
• Handle multiple investigations and routine SOC tasks simultaneously, prioritizing workload effectively.
• Perform forensic analysis during incident investigations, including evidence collection and documentation.
• Collaborate with IT, DevOps, and other teams to ensure timely incident containment and remediation; escalate complex issues when necessary.
• Manage outputs from cybersecurity assessment tools, coordinating with teams to ensure mitigation of identified vulnerabilities and risks.
• Participate in security exercises and testing to identify gaps in coverage and detection capabilities.
• Contribute to the ongoing maturation of the Security Operations Centre by introducing new logging, monitoring, and response solutions to enhance departmental operations and improve cybersecurity coverage.
• Maintain clear and detailed documentation of investigations, alerts, and incidents to support knowledge transfer and reporting.
• Proactively pursue professional development opportunities to stay current with evolving threats and security technologies.
• Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organization's IT network health.
• Provide Security Operations Centre coverage on a rota basis, ensuring support is maintained in line with the organization’s commitments.

What you need to fulfill the role

You Must Have :

Language & Communication

Education & Experience :

Technical Skills :

SOC Operations :

Teamwork & Leadership :

It Would Be Good to Have :

Language Skills :

Technical Skills :

SOC Operations :

Technical Expertise :

Experience working within a software services organization

What we offer

Lunch 'n' Learn Sessions I Women's Network I LGBTQIA+ Network I Coffee Chat Roulette I Free English Lessons I Thinkproject Academy I Social Events I Volunteering Activities I Open Forum with Leadership Team (Tp Café) I Hybrid working I Unlimited learning

We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business.