SOC Operations Deputy Lead
- Hybrid
- Utrecht, Utrecht, Netherlands
- €4,250 - €5,500 per month
- Blue Team
Job description
Northwave is a leading European cybersecurity specialist, protecting organizations against increasingly complex digital threats. With deep expertise in offensive and defensive security, behavior, and monitoring, we support our customers through managed security services and high-impact consultancy. Our Security Operations Center plays a central role in this mission, operating as a high-trust, high-precision environment where technology and expertise come together.
To further strengthen this foundation, we are expanding our Operations capability within the SOC team.
The Role:
The SOC Operations Deputy Lead supports the Team Lead in managing the SOC analysts and ensuring smooth day-to-day operations. This role focuses on operational leadership, mentoring, and quality assurance, acting as a bridge between analysts and leadership, especially during the Team Lead’s absence.
Key Responsibilities:
· Assist in coordinating daily SOC-OPS activities and shift operations.
· Provide technical guidance and mentoring to analysts.
· Ownership of operational standards; collaborate with the Team Lead on reporting and metrics in Creating Dashboards and KPI’s for SOC Performance.
· Act as escalation point for operational issues and incidents.
· Work with the team to Focus on optimizing alerting to reduce false positives.
· Lead incident response efforts when required and ensure proper documentation.
· Review escalated security incidents and guiding Tier 1 and Tier 2 analysts
· Support quality assurance and influence continuous improvement initiatives.
· Step in as acting Team Lead during absences or leave.
HR Responsibilities: None. The Deputy Lead does not hold formal HR responsibilities but may provide input on performance and development during reviews.
· Assist in shift planning, workload distribution, and operational coverage when needed or in the absence of the team lead.
· Attend Vendor meetings with the team lead to help support SOC Operations
· Support tier two analysts with customer related queries and support on Tickets
· Support OPS by regualrly taking queue work in investigation and triage to understand difficulties and bottlenecks of the team
· Contribute to Operational Improvement processes and documentation of such.
· Working within the team on dedicated threat hunts and recomending improvments.
Technology and Environment:
In addition to the core role, Your work will also require technical expertise in an environment where SOC Operations quality and operational reliability are essential:
· Understand log sources (Windows, Linux, network, cloud, EDR logs) and what “normal vs. abnormal” looks like.
· Understand Detection Rules, KQL Queries, scheduled analytics, and correlation rules.
· Have a strong hands on Incident Response experience, including Triage, containment, eradication and recovery procedures.
· Network Traffic Analysis
· Understand attacker TTPs: lateral movement, privilege escalation, command & control.
· Use of IR tooling (EDR, XDR, packet capture, forensics suites).
· Knowledge of common network protocols (DNS, HTTP/S, SMB, RDP) and how attackers pivot through networks
· Have an understanding of how vulnerabilities are scored, exposure management and prioritization, and how atackers weaponize vulnerabilities.
· Skilled in scripting with Python, Powershell, Bash, creating SOAR Playbooks (eg. In Sentinel, Swimlane)
· Technical awareness of Security Frameworks (NIST 800-61, ISO 27001, CIS Controls)
Job requirements
What you bring:
At least 3 years of experience leading or coordinating teams in a soc operations environment.
A strong passion and knowledge of technical expertise within SOC Operations
A strong understanding of cybersecurity operations, incident response, and crisis management.
Strong communication skills and the ability to translate complex technical topics into clear actions.
Relevant bachelor’s or master’s degree.
Interested?
If you are considering a next step where leadership, responsibility and technical development come together, we would love to talk. If you don’t meet every single requirement, we’d still be happy to receive your application
Contact Youri Roelofs at youri.roelofs@northwave-cybersecurity.com
or
- Utrecht, Utrecht, Netherlands
All done!
Your application has been successfully submitted!
How we hire
Our hiring process is thorough, to ensure we make the right decision and to help you to decide if we're the right fit for you. Depending on the position and general conditions, steps may vary in individual cases - if you have any questions, please feel free to ask!
Your Application and Screening phase
After submitting your application, you will receive an automatic confirmation of receipt from us.
We review your application and give you feedback. This process takes some time but we try to give you feedback as quickly as possible.
First Interview - Getting to know you
In the first online meeting, let our recruiter learn about you and your story to check a potential fit. This is also a chance for you to ask first questions about the role and company.
Second Interview - Learning more about your skills
In this one site meeting, your future Leader takes a deeper dive into your experience and what you could bring to the team. You can expect questions on how knowledgeable you are in the business or technology area. For technical positions, you can expect a technical test. Further, you have the chance to meet the team and ask questions.
Job Offer and Onboarding
Congratulations, you made it to the very last stage! Here we have already decided to make you part of the Northwave team. We are sending you a job offer. We hope you also choose us! If so, Welcome to the Northwave family. We are ready to start with your Onboarding!
