Thinkproject
Senior Security Operations Center Analyst (f/m/d)

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Senior Security Operations Center Analyst (f/m/d)
What do we do?
Introducing Thinkproject Platform
Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies.
By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.
What your day will look like
We are looking for a highly experienced and technically skilled Senior Security Operations Centre (SOC) Analyst to join our team and play a key role in identifying, investigating, and responding to advanced security threats, issues and vulnerabilities across our organization. This role requires deep expertise in monitoring and securing endpoints, networks, cloud platforms, applications, and infrastructure, with the ability to manage complex incidents independently and drive continuous improvement within the SOC function.
As a senior member of the team, you will lead investigations into sophisticated threats such as advanced persistent threats (APTs), malware outbreaks, and targeted attacks. You will perform hands-on analysis of security events, including forensic evidence collection and root cause analysis, and contribute to the development of detection capabilities across SIEM, EDR, and other monitoring tools.
You will actively engage in threat hunting, leveraging your deep understanding of application code, infrastructure and hosting architectures (cloud and on-premise), the software development lifecycle (SDLC), and CI/CD pipeline solutions to identify risks that span traditional and cloud-native environments. You will also play a key role in implementing and refining automation and playbooks utilising SOAR platforms to accelerate response efforts and reduce operational overhead.
The ideal candidate will have a strong technical foundation and a proactive mindset, with a passion for staying ahead of current and emerging threats. You will collaborate closely with IT, DevOps, and application teams to improve detection coverage, enhance SOC processes, and ensure security operations are aligned with industry best practices and compliance requirements.
This role encompasses reactive incident response, proactive detection engineering, threat hunting, and vulnerability management. You will also contribute to strategic initiatives including penetration testing coordination, security assessments, and audit preparation, while mentoring analysts, sharing threat intelligence insights, and maintaining SOC documentation and workflows.
This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network, and Security Engineering teams.
Main Responsibilities:
Independently investigate and respond to security alerts and events from SIEM, EDR, and other security tools across endpoints, networks, cloud platforms, and applications. Lead proactive threat hunting activities, leveraging threat intelligence, application logs, and infrastructure telemetry to uncover indicators of compromise or stealthy threat activity. Perform in-depth analysis of logs, API configurations and traffic, container environments, network data, application and infrastructure architecture, as well as data center hosting environments to support threat detection, incident investigation, and root cause analysis. Manage complex cybersecurity incidents end-to-end, including containment, eradication, recovery, and post-incident analysis, while coordinating closely with cross-functional stakeholders. Deploy, operate, configure, and tune SIEM platforms and detection tools to enhance signal accuracy, reduce alert fatigue, and maintain effective detection coverage. Design, build, and maintain incident response playbooks and automation workflows to increase the efficiency, speed, and consistency of incident response processes. Simultaneously manage multiple active investigations and day-to-day SOC operations, effectively prioritising tasks and managing time under pressure. Conduct forensic analysis during investigations, including evidence preservation, malware analysis, memory examination, and root cause identification. Collaborate with DevOps, IT, and development teams to ensure timely containment, mitigation, and remediation of vulnerabilities and threats. Coordinate outputs from security assessment tools and penetration tests, ensuring clear ownership and timely closure of identified issues. Participate in and lead security testing exercises to evaluate and strengthen detection capabilities and response procedures. Drive continuous improvement of SOC operations by identifying logging gaps, proposing monitoring enhancements, and introducing new detection or response technologies. Maintain comprehensive documentation of investigations, incidents, tuning efforts, and threat intelligence to support reporting, knowledge sharing, and audit readiness. Stay current with evolving threat landscapes, adversary techniques, and emerging security tools and practices to strengthen SOC capabilities. Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organization's IT network health. Ensure security operations and incident response practices are aligned with industry-recognized frameworks such as ISO 27001. Implement solutions within CI/CD pipelines to identify and block security issues reaching production environments Support the development and refinement of SOC procedures, training materials, and operational standards to enhance maturity and consistency across the team.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What you need to fulfill the role
You Must Have:
Language & Communication
Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences The ability to communicate difficult or sensitive information tactfully
Education & Experience:
Bachelor’s degree in cyber security or a related field, or equivalent professional experience Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures Awareness of current and emerging cyber threats affecting SaaS organisations
Technical Skills:
Hands-on experience with implementation, ongoing management and maturing of Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools Experience integrating custom-built applications into SIEM platforms Experience with implementation of automation solutions, enhancing SOC efficiency and speeding incident response Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms, including developing and maintaining automated response playbooks Experience with threat hunting focused on application code, application, infrastructure and hosting architecture, leveraging coding skills and a solid understanding of the software development lifecycle (SDLC) and infrastructure components Experience managing security issues identified through internal tools and external assessments, ensuring remediation is completed in line with company policies and standards Knowledge of common security frameworks and best practices Experience implementing solutions to detect and block security risks in CI/CD pipelines to prevent vulnerable code from being deployed into production


Get help with your application
Your very own career expert that helps elevate your application to the next level.
SOC Operations:
Experience in complex incident response and investigation, including forensic evidence handling and root cause analysis Experience managing business-as-usual (BAU) security operations workload alongside project-based work, both independently and in coordination with other team members Experience managing outputs from cybersecurity assessment tools, coordinating timely mitigation and remediation with key stakeholders. Experience coordinating outsourced penetration tests, ensuring smooth execution without service disruption Experience conducting security assessment exercises to evaluate SOC operational effectiveness and the organization’s ability to respond to cybersecurity incidents Experience in tuning detection rules and alerts to improve accuracy and reduce false positives in security monitoring
Technical Expertise:
Experience with Azure, Azure AD, and AWS technologies and services Experience conducting forensic analysis of cybersecurity incidents
Teamwork & Leadership:
A positive, self-motivated attitude The ability to work effectively in a team environment, collaborating with cross-functional teams to achieve shared objectives Strong time management and prioritization skills, with the ability to manage your own workload The ability to perform effectively under pressure, priorities tasks, and make sound decisions in high-stress or emergency situations A proactive mindset with the ability to critically evaluate your own work, identify improvement opportunities, and automate, simplify, or standardize processes where appropriate
Language Skills:
It Would Be Good to Have:
Proficiency in German (spoken and written)
SOC Operations
Experience conducting red or purple team exercises to validate detection capabilities and improve response playbooks Familiarity with security operations in containerized environments and microservices architectures (e.g., Kubernetes, Docker)
Technical Skills:
Understanding of advanced detection engineering techniques, such as creating custom correlation rules and behavioral analytics in SIEM platforms Exposure to secure software development practices and security testing of APIs, containers, and cloud-native applications Experience conducting both external and internal penetration testing of applications and infrastructure.
Technical Expertise:
Experience with Microsoft Sentinel SIEM Solutions Experience working within a SaaS or software-driven organization, particularly in multi-tenant or cloud-native environments. Experience with AI technologies, including understanding the cybersecurity threats they pose to organizations and how they can be leveraged to enhance operational effectiveness.
What we offer
Lunch 'n' Learn Sessions I Women's Network I LGBTQIA+ Network I Coffee Chat Roulette I Free English Lessons I Thinkproject Academy I Social Events I Volunteering Activities I Open Forum with Leadership Team (Tp Café) I Hybrid working I Unlimited learning
We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business.
Your Contact:
Mehal Mehta
Please submit your application, including salary expectations and potential date of entry, by submitting the form on the next page.
Working at thinkproject.com - think career. think ahead.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location