Medior SOC Analyst.

Our SOC: technical, pragmatic, collaborative

DEFION operates an international twin-SOC model. The Dutch SOC focuses on Microsoft Security technologies (Defender, Sentinel, Azure), while the Spanish SOC specializes in CrowdStrike. We are integrating both to protect clients worldwide with combined expertise.

Our SOC is highly technical and pragmatic, with plenty of humor between serious incidents. You will collaborate with analysts, threat hunters, ethical hackers, and DFIR specialists to examine and resolve incidents from multiple angles. This is a hybrid role with on-call rotations for 24/7 client coverage.

What you will do

• Investigate and follow up on security incidents in Microsoft Defender and Microsoft Sentinel
• Interpret alerts and translate them into clear reports and recommended actions for clients
• Contribute to detection improvements, threat intelligence gathering, and playbook tuning
• Support client onboarding and offboarding processes
• Guide junior analysts and collaborate with threat hunters and incident responders across borders
• Actively contribute ideas to make SOC processes smarter, faster, and better

What you bring

Must have:

• Minimum 3 years of experience in a Security Operations Center
• Minimum 3 years of hands-on incident handling with Microsoft Defender and Microsoft Sentinel
• MBO-4 or HBO level of working and thinking
• Full proficiency in Dutch and English
• Clear communication, structured working style, calm under pressure

Nice to have:

• Basic knowledge of Azure (AZ-900 certification)
• SC-200 and/or SC-900 certification
• Experience with CrowdStrike Falcon EDR (relevant for international SOC collaboration)