SOC Analyst

Overview

Nomios is building a secure and connected future. We are looking for a 24/7 SOC Analyst to join our Security Operations Centre in the Netherlands. This role is ideal for early career SOC professionals or individuals with a strong infrastructure and networking background who wish to transition into cyber security operations.

• Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
• Investigate suspicious activity and determine whether escalation is required.
• Follow SOC runbooks and investigation workflows.
• Build clear timelines of activity and maintain accurate investigation notes.
• Escalate complex cases to Senior and Lead Analysts with appropriate context.
• Review vulnerability management output and provide basic prioritisation insight.

• Take part in directed threat hunting activities.
• Suggest improvements to detections, dashboards and runbooks.
• Support testing of new use cases and detection logic.

• Provide clear written updates for customers and internal stakeholders.
• Participate in shift handovers to maintain continuity.
• Work closely with Senior and Lead Analysts to develop your skills and technical depth.

• Minimum 1 year in a Security Operations Centre (SOC) or 3 years in infrastructure or networking roles with demonstrable security exposure.
• Experience triaging and investigating security alerts.
• Understanding of attacker behaviours, TTPs and common malware execution chains.
• Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
• Hands‑on experience with at least one major security platform (SIEM, EDR or XDR).
• Familiarity with ticketing tools such as Service Now, Salesforce or JIRA.
• Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
• Operational knowledge of Windows, macOS and Linux.
• Awareness of MITRE ATT&CK and differentiating legitimate admin activity vs suspicious behaviour.

• Experience with Microsoft Sentinel, Google Sec Ops or other SIEM platforms.
• Experience with Defender, Crowd Strike, Sentinel One or other XDR solutions.
• Ability to query in KQL, CQL, S1QL, XQL or similar languages.
• Awareness of threat intelligence concepts and application to investigations.
• Awareness of coding or scripting, with proficiency in at least one language preferred.

• Location:
  
  Home‑based with occasional visits to the office in Basingstoke.
• Hours:
  
  12‑hour shifts – 2 days, 2 nights; 4 days/nights off. Flexibility required in the event of a major incident.
• Security clearance:
  Eligibility for SC clearance (lived in the UK for five consecutive years) required. DV clearance eligibility is advantageous.

Nomios offers a highly competitive salary and commission scheme, along with industry‑leading benefits. You will work in a dynamic, fast‑paced environment where you are free to use your initiative in support of our strategic objectives.

Ready to make an impact? Apply now!

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.