L3 SOC Analyst - Madrid

About Us

Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Rome and Cape Town—we support more than 2,500 clients across a wide range of industries. 

Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence. 

At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we’d love to hear from you. 

Job Role / Responsibilities

In this role, you will act as a Level 3 escalation point within the MDR/SOC function, providing advanced technical support to Level 2 analysts during complex or high-severity investigations. You will be expected to bring deep operational knowledge across modern security technologies, including SIEM, EDR, Network Intrusion Detection Systems, SOAR, DLP and related security monitoring platforms.

The Principal SOC Analyst will support the investigation, containment and remediation of advanced threats, ensuring that incidents are analysed in the correct business and technical context. The role requires strong hands-on experience in security operations, incident response, threat analysis and detection tuning, as well as the ability to work directly with customers and internal stakeholders to improve detection capability and strengthen cyber security posture.

You will contribute to the continuous improvement of the MDR service by supporting the definition of security monitoring strategies, improving detection logic, tuning security technologies, reviewing investigation processes and advising customers on technical optimisation opportunities. A strong understanding of malware behaviour, adversary tactics, techniques and procedures, and emerging threats will be critical to success.

Primary Duties/Responsibilities include:

Act as the Level 3 escalation point for advanced, complex or high-impact security investigations.

Support Level 2 analysts during complex investigations, providing technical guidance, validation and direction.

Perform in-depth analysis of security events, alerts, logs, endpoint telemetry, network traffic and other relevant data sources.

Lead advanced incident investigations, including scoping, containment, eradication and remediation recommendations.

Analyse malicious activity, suspicious files, attacker behaviour and adversary TTPs.

Support customers from a technical perspective in the optimisation, tuning and improvement of their security monitoring capabilities.

Review and improve SIEM, EDR, NIDS, SOAR and other security tool configurations to reduce false positives and improve detection quality.

Contribute to the development and refinement of detection use cases, correlation rules, alerting logic and investigation playbooks.

Support the definition of customer security monitoring strategies based on risk profile, threat landscape and available telemetry.

Provide technical recommendations to strengthen customer cyber security posture and improve resilience against current and emerging threats.

Conduct threat hunting and proactive analysis based on indicators, behaviours, intelligence and attack patterns.

Document investigation findings, evidence, timelines, containment actions and remediation recommendations in a clear and structured manner.

Prepare and deliver technical reports to customers, partners and internal stakeholders.

Monitor trusted sources for emerging threats, vulnerabilities and adversary activity relevant to customer environments.

Contribute to the continuous improvement of SOC processes, procedures, documentation and knowledge base material.

Support mentoring and technical development of Level 1 and Level 2 analysts where required.

Desired Skills

Strong hands-on experience in Security Operations Centre or MDR environments.

Deep operational knowledge of SIEM, EDR, Network Intrusion Detection Systems, SOAR, DLP and related security monitoring technologies.

Strong experience with security event triage, correlation, investigation and escalation.

Ability to analyse endpoint, network, identity, cloud and application telemetry in support of complex investigations.

Experience with SIEM query languages and detection logic, such as KQL, SPL, Sigma or equivalent.

Experience tuning security controls and detection content to improve alert fidelity and reduce false positives.

Strong understanding of attacker tactics, techniques and procedures, including MITRE ATT&CK.

Ability to perform host-based and network-based threat analysis.

Experience analysing packet captures, endpoint artefacts, logs, scripts, documents and potentially malicious files.

Strong understanding of incident response lifecycle, including preparation, identification, containment, eradication, recovery and lessons learned.

Strong understanding of enterprise network architecture, TCP/IP, firewalls, proxies, VPNs, DNS, email security and cloud environments.

Understanding of security protocols, encryption technologies and common authentication mechanisms.

Experience supporting customer-facing technical discussions, including investigation reviews, tuning recommendations and posture improvement activities.

Ability to manage multiple complex incidents and make effective decisions under pressure.

Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders.

Experience with Microsoft Sentinel, Microsoft Defender, Splunk, QRadar, CrowdStrike, SentinelOne, Palo Alto, Suricata, Zeek, Snort or similar technologies is highly beneficial.

Experience with cloud security monitoring across Microsoft Azure, AWS or Google Cloud is beneficial.

Experience with threat hunting, detection engineering or purple team activities is beneficial.

Ability to produce clear technical documentation, investigation reports and customer-facing recommendations.

Certifications/Qualifications

Security industry certifications such as GCIH, GCFA, GCIA, GNFA, GCTI, GSEC, CISSP, CySA+, SC-200, AZ-500 or equivalent are highly beneficial.

Minimum 2–3 years of experience in a SOC, MDR, incident response, CSIRT or cyber security operations role.

Proven experience handling complex security incidents and supporting advanced investigations.

Working knowledge of SIEM, EDR, SOAR, NIDS, DLP and threat intelligence platforms.

Experience working with threat hunting methodologies and security detection frameworks.

Experience supporting customers or internal stakeholders with security optimization, detection tuning and cyber security posture improvement.