SOC Analyst

We are seeking a SOC Analyst with strong Security Engineering skills to enhance our security operations and infrastructure resilience. This role will involve both proactive defense through security engineering and reactive incident response as a SOC analyst. Our Security Operations Center (SOC) team is at the front line of defense against security threats, working to keep N26 customers' bank accounts safe by detecting and responding to threats in our cloud and on-premise infrastructure. We believe in proactive security, automation, and continuous improvement to stay ahead of evolving threats. N26 has reimagined banking for today's digital world. Technology and design empower everything we do and it's how we are building the global banking platform the world loves to use. We've eliminated physical branches, paperwork, and hidden fees for an elegant digital experience and supreme savings. Giving people the power to live and bank their way is what gets us out of bed in the morning and inspires the work that we do. We are headquartered in Berlin with offices in multiple cities across Europe, including Vienna and Barcelona, and a 1,500-strong team of more than 80 nationalities. About the Opportunity In This Role, You Will: Perform security incident detection, analysis, and response, including triage, investigation, and containment of security threats. Collaborate with engineering teams to ensure effective log coverage and visibility across the enterprise. Develop and optimize custom detection content, queries, dashboards, and alerts within the SIEM platform. Assist in the design, implementation, and maintenance of SIEM and SOAR solutions to enhance security visibility and automate incident response workflows. Integrate security tools and data sources into the SIEM for comprehensive logging and event correlation. Support the creation and maintenance of automation playbooks and workflows within the SOAR platform to streamline incident response processes. Collaborate with security analysts and engineering teams to refine incident response procedures and improve automation effectiveness. Contribute to the continuous improvement of security operations through the development of metrics and reporting. Monitor security alerts from various sources, including SIEM, EDR, and network security tools. Stay current with emerging threats, vulnerabilities, and security technologies to continuously improve our security capabilities. What You Need to Be Successful Background: Relevant experience (3-5 years) in SOC operations, incident response, or a similar security role. Proven experience with SIEM platforms (e.g., Splunk, Elastic SIEM, Azure Sentinel) including developing detection rules, dashboards, and reports. Familiarity with SOAR platforms (e.g., Splunk SOAR, Phantom, Cortex XSOAR) and the ability to contribute to automation playbooks. Strong experience with security logging, event formats, and the ability to write advanced SIEM queries and parsers. Solid understanding of IT security domains and a deep understanding of cyber threat intelligence (CTI). Experience with Infrastructure as Code (IaC) solutions, specifically Terraform or similar tools, for managing security infrastructure is a plus. Solid understanding of cloud environments, ideally AWS, and experience securing cloud-native applications and infrastructure. Familiarity with host-based and network-based intrusion detection systems. Solid understanding of Linux and ability to write shell scripts. Skills: Expertise in security incident detection, analysis, and response methodologies. Proficiency in scripting and automation languages such as Python, Bash, or PowerShell for developing and integrating security tools. Familiarity with security frameworks such as MITRE ATT&CK and NIST. Strong analytical skills for working with large-scale security data, identifying anomalies, and deriving actionable insights. Knowledge of networking concepts, including firewalls, IDS/IPS, and packet analysis. Ability to analyze phishing attempts, and intrusion attempts to inform detection and automation strategies. Strong communication and collaboration skills to work effectively with cross-functional teams and document technical solutions. Nice to Haves: Software engineering experience in Java, Kotlin, Go, or other relevant languages. Experience with containerization technologies (e.g., Docker, Kubernetes). Relevant security certifications (e.g., SANS GIAC, OSCP, AWS Security). Accelerate your career growth by joining one of Europe's most talked about disruptors . Employee benefits that range from a competitive personal development budget, work from home budget, discounts to fitness & wellness memberships, language apps and public transportation. As an N26 employee you will have access to a Premium subscription on your personal N26 bank account. As well as subscriptions for friends and family members. Additional day of annual leave for each year of service. A high degree of autonomy and access to cutting edge technologies - all while working with a friendly team of peers of diverse nationalities, life experiences and family statuses. A relocation package with visa support for those who need it. Equal Opportunities: We recognize that our strength lies in our people and the varied perspectives they bring to our workforce. We strive to build talented and diverse teams to drive our business success and empower our people to reach their full potential. We genuinely welcome and encourage applications from people of all backgrounds, cultures, genders, sexual orientations, abilities, neurodiversities, and ages. We're committed to creating an inclusive workspace where everyone feels valued and respected, free from harassment and discrimination.JBRP1_DE