Medior SOC Analyst
The Netherlands
Location: Hybrid (at least 3 days per week at the office)
Employment: Full-time
Team: Detect
On-call duties: Yes, based on a rotating schedule
About DEFION Security
What began as a group of friends with a passion for IT has grown into DEFION Security: more than 100 colleagues in the Netherlands and Spain, united by one mission: strengthening the digital resilience of our customers and the society we operate in. We work hard, laugh hard, and value an informal culture where expertise and fun go hand in hand. Through groundbreaking research and close collaboration with governments and other security companies, we help our clients defend themselves against the bad actors on the internet.
At DEFION Security, everything revolves around digital resilience. We are a Managed Detection & Response provider that helps organizations identify, understand, and neutralize cyber threats before they can cause damage.
We work with the latest Microsoft Security technologies (Defender, Sentinel, Azure) and operate as part of an international twin-SOC model. Where the Dutch SOC focuses on Microsoft Security technologies, the Spanish SOC specializes in CrowdStrike technology. We are currently working on integrating both SOCs to combine our expertise and protect clients worldwide.
Our SOC is highly technical, pragmatic, and very collaborative, with plenty of humor between serious incidents. There’s also a weekly workout and a fully equipped game room!
Your Role as a Medior SOC Analyst
As a Medior SOC Analyst, you are the sharp eye in our detection and response operations. You work daily with Microsoft Defender (including its various components) and Microsoft Sentinel to analyze, assess, and follow up on threats.
You collaborate with analysts, threat hunters, ethical hackers, and DFIR specialists to examine and resolve incidents from multiple perspectives. With your experience, you quickly distinguish between false positives and real threats.
This is a hybrid role: three days per week at the office, the remainder from home. Outside office hours, you participate in on-call rotations to ensure 24/7 coverage for our clients.
Your daily tasks:
- Investigate and follow up on security incidents in Microsoft Defender and Microsoft Sentinel.
- Interpret alerts and translate them into clear reports and recommended actions for clients.
- Contribute to detection improvements, threat intelligence gathering, and playbook tuning.
- Support client onboarding and offboarding processes.
- Share knowledge with colleagues, guide junior analysts when needed, and work with threat hunters and incident responders, including across borders.
- Actively contribute ideas to make SOC processes smarter, faster, and better.
What we ask of you:
- MBO-4 or HBO level of working and thinking.
- Minimum 3 years of experience in a Security Operations Center.
- Minimum 3 years of experience handling incidents in Microsoft Defender and Microsoft Sentinel.
- Basic knowledge of Azure (AZ-900 is a plus).
- SC-200 and/or SC-900 certification is a bonus.
- Experience with CrowdStrike Falcon EDR or other Falcon products is a plus, considering the collaboration with our international SOC.
- Full proficiency in Dutch and English.
- Clear communication, a structured working style, and the ability to remain calm under pressure.
What we offer:
- Market-competitive salary.
- Lease car or mobility allowance.
- 24 vacation days per year.
- Free lunch at the office.
- A close-knit and highly skilled SOC team where knowledge sharing is natural.
- Freedom to work independently and make a real impact within a growing MDR service.
- Room for personal and professional development.
- Monthly social events and an unforgettable annual study trip.
- Training and certification opportunities to keep your skills up to date.
- Hybrid working with modern tools and a team that values humor.
Ready for DEFION?
Interested in helping build our SOC? Apply now, or reach out for a (virtual) coffee. We’d love to tell you more about how you can make a difference at DEFION Security.