Senior Security Operations Center (SOC) Analyst

Position Summary

At Sentry, we are seeking a highly skilled Senior Security Operations Center (SOC) Analyst to join our Cyber Security team. The successful candidate will play a key role in monitoring, detecting, investigating, and responding to security incidents across hybrid and cloud-native environments. This position focuses on protecting cloud infrastructure, improving detection capabilities, leading complex incident investigations, and continuously enhancing the organization's security posture through threat hunting, detection engineering, and security automation.

The ideal candidate has extensive experience with SIEM technologies such as Elastic Security and Splunk, strong knowledge of cloud security, and the ability to investigate sophisticated threats across endpoints, identities, networks, and cloud workloads.

Key Responsibilities

  • Monitor and investigate security events across cloud infrastructure, endpoints, identity platforms, and enterprise applications using Elastic Security, Splunk, Wazuh and other security monitoring tools.
  • Lead the investigation, containment, eradication, and recovery of complex cybersecurity incidents.
  • Perform proactive threat hunting using telemetry from cloud platforms, endpoints, identity providers, and network security controls.
  • Develop, tune, and maintain SIEM detection rules, correlation searches, dashboards, and alerting logic to improve detection accuracy while reducing false positives.
  • Create and optimize detection content aligned with the MITRE ATT&CK framework and current threat intelligence.
  • Investigate cloud-specific security events, including identity compromise, privilege escalation, workload attacks, container security incidents, and cloud misconfigurations.
  • Analyze authentication logs, API activity, network traffic, endpoint telemetry, and cloud audit logs to identify malicious activity and indicators of compromise.
  • Collaborate with cloud, infrastructure, and DevOps teams to investigate and remediate security findings.
  • Support incident response activities, including forensic data collection, evidence preservation, root cause analysis, and lessons learned.
  • Develop and maintain SOC playbooks, investigation procedures, and operational documentation.
  • Assist in integrating new log sources and security telemetry into SIEM platforms.
  • Participate in purple team exercises, adversary emulation, and validation of detection capabilities.
  • Mentor junior analysts and provide technical guidance during investigations.
  • Contribute to continuous improvement initiatives across the SOC, including automation, workflow optimization, and detection engineering.

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.
  • Minimum of 5 years of experience in a Security Operations Center (SOC), Incident Response, or Cybersecurity Operations role.
  • Strong hands-on experience with Elastic Security and/or Splunk Enterprise Security.
  • Experience investigating security incidents across cloud-native and hybrid environments.
  • Strong understanding of cloud platforms, including AWS, Microsoft Azure, and/or Google Cloud Platform.

  • Experience monitoring cloud audit logs such as AWS CloudTrail, Azure Activity Logs, Microsoft Entra ID logs, and Kubernetes audit logs.
  • Strong knowledge of Windows, Linux, Active Directory, Microsoft Entra ID, networking, and identity security.
  • Solid understanding of attack methodologies, adversary tactics, and the MITRE ATT&CK framework.
  • Experience performing log analysis across operating systems, applications, cloud services, and network infrastructure.
  • Proficiency in writing SIEM queries using Splunk SPL and Elasticsearch Query Language (ES|QL/KQL or Lucene syntax as applicable).
  • Experience with scripting or automation using Python, PowerShell, or Bash.
  • Strong analytical, troubleshooting, and communication skills.

Preferred Qualifications

  • Experience securing Kubernetes, Docker, and containerized workloads.
  • Experience with Infrastructure as Code (Terraform, CloudFormation, or ARM/Bicep).
  • Familiarity with cloud security services such as AWS GuardDuty, Azure Defender, Microsoft Defender for Cloud, AWS Security Hub, or Google Security Command Center.
  • Experience with SOAR platforms and security automation.
  • Familiarity with CI/CD security, DevSecOps practices, and application security monitoring.
  • Knowledge of threat intelligence platforms, IOC management, and malware analysis.
  • Experience implementing detection-as-code methodologies.

What We Offer

  • Competitive salary
  • Comprehensive health coverage
  • Flexible remote work and PTO
  • Professional development support

Start Date

As soon as possible, upon completion of the selection process.

Employment Type

Full-time.

Application Process

Interested candidates should submit their CV, cover letter, and up to three professional references no later than 31 August 2026 at 11:59 PM.

Applications should be sent through the button below or to: careers@sentry.security

Please include the following subject line in your application email: “Senior Security Operations Center (SOC) Analyst–[Your Name]”

Sentry is an equal opportunity employer. We welcome applications from all qualified candidates who meet the role's requirements and are committed to ensuring a fair, inclusive, and respectful recruitment process.
