SOC Analyst (L1/L2) - Incident Response — 100% Remote (Spain)
Since 2011, SQUAD Group has been a key player in the cybersecurity landscape. We partner with leading organizations to protect their information systems through a comprehensive 360° offering of consulting, integration, expertise, and managed services. ¿Tiene lo que se necesita para triunfar? La siguiente información debe ser leída atentamente por todos los candidatos. Our mission: Securing Together! We believe in a collaborative approach to cybersecurity, where experts and clients work hand-in-hand to anticipate threats and protect critical infrastructure. As part of our growing team, we're seeking a SOC Analyst to join a top-tier Incident Response team, defending the digital assets of a company that connects hundreds of millions of people every month. The position is fully remote within Spain. Your Role You are a hands-on incident responder. From the moment an alert fires to final resolution, you investigate, contain, and document security incidents with rigor and autonomy. Phishing and email-based attacks make up a significant share of the workload, so a sharp eye for email analysis is essential. Your Responsibilities
- Investigate and respond to security incidents across their entire lifecycle, from detection and triage through containment, root cause analysis, and closure.
- Analyze suspicious emails and phishing campaigns, leveraging header analysis and authentication standards (SPF, DKIM, DMARC).
- Respond to a variety of alert types, including malicious URLs and compromised domains.
- Apply and contribute to incident response playbooks, bringing analytical judgment to every investigation.
- Build and run XQL queries in the Palo Alto Cortex platform to support and accelerate investigations.
- Produce clear, structured incident documentation and escalate appropriately.
What You Bring
- 1–3 years of hands-on SOC experience with strong operational fundamentals.
- A solid grasp of incident triage and investigation methodology — you understand why an alert fired, not just how to close it.
- Practical experience analyzing phishing and email-borne threats.
- Familiarity with Palo Alto Cortex (XSIAM/XDR) and XQL is a strong asset; Microsoft Sentinel/KQL experience is also welcome.
- A rigorous, transparent approach to investigation — you verify before concluding.
- Genuine motivation to build a career in Incident Response.
Preferred Certifications: BTL1/BTL2, GIAC GCIH, Palo Alto Networks Cortex XDR/XSIAM certifications, Microsoft SC-200 Why Join Squad?
- Personalized Growth: We help you build a training and certification plan aligned with your professional goals through our SquadeXpérience.
- Expertise Development: Participate in internal events like our MixYourTalent webinars and monthly CTF sessions.
- Visibility: Attend major industry conferences and contribute to our #TheExpert technical blog.
- Culture: Enjoy a dynamic and close-knit environment with after-work events and team gatherings that foster great camaraderie. xsgfvud
Hay opciones de teletrabajo/trabajo desde casa disponibles para este puesto.