Critical Software (criticalsoftware.com)

SOC (Security Operations Centre) Analyst

Coimbra, Portugal | Lisbon, Portugal (Hybrid) · Full-time · Posted 14h ago

The future of rail isn’t just about movement, it’s about intelligence, security, and connection. We unite rail expertise with digital innovation to create smarter, safer, and more sustainable transportation solutions. Technology here speaks with purpose: accelerating digitalization, embedding cybersecurity, and shaping the next era of rail.

Behind every breakthrough are people, their talent, creativity, and drive to push boundaries. Together, we’re building confidence, resilience, and a new standard for connected mobility powered by innovation.

This position is for Stadler Digital Labs, a joint venture between Stadler Rail and Critical Software serving as the digital competence center for the Stadler Group.

Check out the website: https://stadlerdigitallabs.com

Key Responsibilities:

Security Monitoring & Analysis

  • Monitor security alerts and events from EDR, identity protection, cloud security platforms, and other security tools
  • Perform initial triage, enrichment, and classification of alerts following SOC playbooks
  • Investigate low- to medium-complexity attack patterns, including:
      ◦ Adversary-in-the-Middle (AitM) attacks
      ◦ Suspicious login patterns (MFA fatigue, impossible travel, password spray)
      ◦ Endpoint malware detections
      ◦ Privilege misuse indicators
      ◦ Suspicious email or phishing activities
  • Correlate events across multiple systems to identify potential malicious behavior

Basic Threat Hunting

  • Use simple scripts (PowerShell, Python, KQL, Bash) for data enrichment, identifying anomalies, and performing small, targeted hunts in specific log sources
  • Support senior analysts with observations gained during reconnaissance hunting activities

Incident Handling & Escalation

  • Act as the first responder in the incident handling process
  • Document findings and escalate incidents to Tier 2/3 analysts or the external SOC with clear, structured communication
  • Collaborate with the external SOC provider to validate alerts, coordinate investigations, and ensure accurate incident classification
  • Execute containment steps defined in playbooks when authorized (e.g., user account disablement, endpoint isolation)

Collaboration & Communication

  • Serve as an active contributor within the global cybersecurity team, maintaining strong partnerships across IT, operations, and business units
  • Communicate technical information clearly to diverse stakeholders, both technical and non-technical
  • Participate in daily SOC operational meetings, knowledge sharing, and cross-team collaboration

Quality, Documentation & Improvement

  • Maintain accurate and comprehensive investigation documentation within ticketing and reporting systems
  • Suggest improvements to detection rules, use cases, and SOC processes based on observed patterns
  • Follow established SOC procedures while contributing to continuous improvement initiatives

Playbook Creation, Adoption & Continuous Improvement

  • Follow existing SOC playbooks consistently during investigations and incident response workflows
  • Contribute to the refinement, enhancement, or creation of Tier 1 playbooks, ensuring they accurately reflect real investigation needs
  • Provide feedback to Tier 2/3 and SOC leadership on areas where playbooks can be improved, clarified, or automated
  • Promote playbook adoption by adhering to standardized procedures and helping ensure alignment with the external SOC provider

Which brings us to you, the person with:

  • Bachelor's degree in Computer Science, Information Technology, or equivalent professional experience
  • 2+ years of experience in IT Security, SOC, Incident Response, or similar fields
  • Foundational knowledge of cybersecurity principles, common attack vectors, and threat actor behaviours
  • Understanding of the Cyber Kill Chain and MITRE ATT&CK frameworks and their application in investigations
  • Ability to think from an attacker's perspective to better recognize malicious intent and weak signals
  • Experience with EDR, identity, email, or cloud security tools
  • Basic scripting ability (PowerShell, Python, KQL, Bash) for automation, enrichment, or simple hunting tasks
  • Strong communication skills to work effectively with global stakeholders and external SOC teams
  • High attention to detail and structured documentation habits
  • Attacker mindset: Ability to anticipate adversary actions and identify early indicators
  • Analytical thinking: Recognizing patterns, anomalies, and correlations across logs
  • Analytical mindset: Quickly interpret data and identify suspicious patterns
  • Collaboration: Ability to work effectively with globally distributed teams. Team player across the company
  • Communication: Clear, concise documentation and stakeholder communication
  • Curiosity & continuous learning: Staying updated on evolving threats and SOC best practices
  • Responsibility: Ownership of tasks, SLA adherence, and high-quality incident handling

What we provide:

  • Work that fits your life, not the other way around
  • Offices designed to make you feel like you belong
  • A team that knows how to work hard, but also how to have fun
  • Pay that makes you feel valued, plus performance-based rewards
  • Your growth is our priority: training, support, and opportunities!

Plus, Perks with Purpose:

  • Private Health Insurance
    Because your health and peace of mind matters.
  • Employee Assistance Programme
    Confidential support for you and your household from mental health to legal or financial advice, we're here for whatever life throws your way.
  • Home Office Support
    Get what you need to work comfortably from home, without turning your living room into an ergonomic nightmare.
  • Extra Holidays
    The longer you’re with us, the more you get. Two extra days after your first year, and more as time goes on.
  • Extra Parental Leave
    Two additional months of fully paid leave for both parents — whether you're welcoming a child by birth or adoption.
  • Flex-time
    We don’t clock-watch. Work when it makes sense for you, as long as it works for your team and goals.
  • Gradual Return to Work Support
    Returning after a long break? We’ll help you ease back in with a plan that fits your pace and needs.
  • Away From Keyboard - Sabbatical programme
    Long-term employees can take time off to explore new ideas, projects or experiences and come back with fresh eyes and stories to tell.

Critical Software is proud to be a Benefit Corporation. A Benefit Corporation differs from a standard corporation (C-Corporation): it is a for-profit business entity, legally defined in the US and other jurisdictions, whose legally defined goals include a positive impact on society, workers, the community and the environment, in addition to profit.

We are an equal opportunity workplace and committed to allowing candidates with disabilities or neurodevelopmental conditions to prove their competencies to their full potential. We are willing to remove the barriers that may prevent you from demonstrating that you are the right candidate for this role, so please let us know if you need any adjustment to your recruitment process.

By applying for a position at Critical Software, you are deemed to have accepted our Privacy Policy.