SOC-Ops Deputy Lead

Northwave's SOC monitors, detects and responds to threats for organisations across Europe, 24/7. The team operates under real pressure in a high-trust environment where quality is measured in response times and detection accuracy. We are looking for a Deputy Lead who supports the Team Lead in running the operation and developing the team.

What you will do

You are the bridge between the analyst floor and leadership. You coordinate daily operations, mentor Tier 1 and Tier 2 analysts through complex cases, and step in as acting Team Lead when needed. You own operational standards together with the Team Lead, drive alerting optimisation, and regularly take queue work yourself to stay close to the team's reality.

• Coordinate daily SOC operations, shift planning and escalations

• Mentor analysts and review escalated security incidents

• Lead incident response efforts and ensure proper documentation

• Own SOC performance dashboards and KPIs with the Team Lead

• Drive operational improvement and contribute to threat hunts

• Step in as acting Team Lead during absences

Technology and environment:

In addition to the core role, Your work will also require technical expertise in an environment where SOC Operations quality and operational reliability are essential:

·       Understand log sources (Windows, Linux, network, cloud, EDR logs) and what “normal vs. abnormal” looks like.

·       Understand Detection Rules, KQL Queries, scheduled analytics, and correlation rules.

·       Have a strong hands on Incident Response experience, including Triage, containment, eradication and recovery procedures.

·       Network Traffic Analysis

·       Understand attacker TTPs: lateral movement, privilege escalation, command & control.

·       Use of IR tooling (EDR, XDR, packet capture, forensics suites).

·       Knowledge of common network protocols (DNS, HTTP/S, SMB, RDP) and how attackers pivot through networks

·       Have an understanding of how vulnerabilities are scored, exposure management and prioritization, and how atackers weaponize vulnerabilities.

·       Skilled in scripting with Python, Powershell, Bash, creating SOAR Playbooks (eg. In Sentinel, Swimlane)

·       Technical awareness of Security Frameworks (NIST 800-61, ISO 27001, CIS Controls)

What we offer

• Competitive salary, paid on the 25th, with annual review and 8% holiday allowance

• Pension through Nationale Nederlanden, Northwave contributes 50%, including partner pension

• 25 vacation days plus all Dutch national holidays

• Generous special leave for marriage, birth, bereavement, care and parental leave

• Lease car based on salary scale (electric welcome), or choose €0.23/km plus 50% of the lease budget as mobility allowance

• MacBook, phone and accessories fully provided

• €200 net annual allowance for flexible and remote working

• Alleo budget for sports, wellness and leisure of your choice

• Learning budget from €700 to €1,200 per year, up to €4,500 for longer programmes

• Referral bonus when you bring in a great new colleague

• Hybrid working from a modern office in Utrecht

• Personal growth through the Role Model and FeedForward cycle, your ambitions and development front and centre

What you bring

• 3+ years leading or coordinating teams in a SOC environment

• Hands-on incident response experience (triage, containment, eradication)

• Comfortable with detection engineering, KQL, EDR/XDR tooling and SOAR playbooks

• Ability to translate complex technical situations into clear priorities

• Strong communicator on the analyst floor and in leadership meetings

• Relevant degree and fluent English

Interested?
If you are considering a next step where leadership, responsibility and technical development come together, we would love to talk. If you don’t meet every single requirement, we’d still be happy to receive your application

Contact Youri Roelofs at youri.roelofs@northwave-cybersecurity.com