Provido Global
Security Operations Manager
Job description
About Kairostek
At Kairostek, we believe great technology starts with great people.
We foster a culture of innovation, collaboration, and continuous growth, empowering our team to make a meaningful impact while building solutions that shape the future. Our teams work across software engineering, artificial intelligence, cloud infrastructure, cybersecurity, digital products, payments technology, and technology operations to deliver scalable and innovative solutions for global organizations.
If you are passionate about technology, problem-solving, and continuous learning, we would love to hear from you.
About the Role
The SOC Analyst (L3) is a senior security operations role responsible for leading advanced incident investigations, performing threat hunting, driving containment and remediation activities, and serving as an escalation point for complex security events within the Security Operations Center. This role requires deep hands-on experience across SIEM, EDR, network, cloud, identity, and threat intelligence platforms, with the ability to correlate evidence, determine root cause, and provide actionable recommendations to reduce risk. The analyst will mentor L1 and L2 analysts, improve detection logic and response playbooks, and support Security Operations in a Follow-The-Sun model by coordinating effectively with global technical, business, and leadership stakeholders.
Key Responsibilities
- Act as the senior escalation point for complex, high-severity, or business-critical security incidents escalated from L1 and L2 analysts.
- Lead deep-dive investigations across SIEM, EDR, identity, network, email, cloud, vulnerability management, and threat intelligence platforms.
- Perform advanced threat hunting to identify suspicious behaviours, attack patterns, lateral movement, persistence mechanisms, credential misuse, and indicators of compromise.
- Drive incident response activities, including scoping, containment, eradication, recovery coordination, evidence preservation, and root cause analysis.
- Develop, tune, and validate detection rules, correlation logic, use cases, dashboards, and alert thresholds to improve detection quality and reduce false positives.
- Create and maintain SOC runbooks, investigation guides, escalation procedures, incident response playbooks, and knowledge base articles.
- Mentor L1 and L2 analysts by providing technical guidance, case review feedback, investigation coaching, and support during major incidents.
- Produce clear incident reports, executive summaries, lessons learned, and remediation recommendations for technical teams, management, and audit stakeholders.
- Collaborate with infrastructure, application, cloud, network, IAM, vulnerability management, and governance teams to close control gaps and strengthen the overall security posture.
- Support 24/7 security operations through structured handovers, major incident coordination, and participation in on-call or shift-based coverage where required.
Qualifications & Experience
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or a related discipline; equivalent professional experience may be considered.
- 5+ years of cybersecurity experience, including substantial hands-on experience in a SOC, incident response, threat hunting, digital forensics, or security monitoring environment.
- Proven ability to investigate and resolve complex security incidents involving malware, phishing, credential compromise, privilege escalation, lateral movement, data exposure, cloud threats, or advanced persistent threats.
- Strong working knowledge of SIEM platforms, EDR/XDR tools, IDS/IPS, firewalls, email security, identity platforms, cloud security logs, and threat intelligence sources.
- Solid understanding of Windows, Linux, networking, authentication, endpoint telemetry, log analysis, MITRE ATT&CK techniques, and common attacker tactics, techniques, and procedures.
- Experience performing incident scoping, containment planning, root cause analysis, evidence collection, and post-incident reporting.
- Ability to write clear technical documentation, investigation notes, incident reports, and remediation recommendations suitable for operational, management, and audit review.
- Strong communication skills in English, with the ability to brief technical and non-technical stakeholders during active incidents and post-incident reviews.
- Availability to work on-site in Limassol, Cyprus and support rotational, on-call, or shift-based schedules where required.
Preferred
- Professional certifications such as CISSP, CISM, GCIH, GCIA, GCFA, GCFE, GNFA, OSCP, CEH, CompTIA CySA+, Microsoft SC-200, or equivalent advanced security credentials.
- Hands-on experience with platforms such as Microsoft Sentinel, Microsoft Defender XDR, Splunk, QRadar, Elastic, CrowdStrike, Palo Alto, Fortinet, Proofpoint, or similar enterprise security technologies.
- Experience with detection engineering, use case development, threat-informed defence, purple team collaboration, adversary emulation, or control validation exercises.
- Working knowledge of cloud security monitoring across Microsoft Azure, AWS, or Google Cloud, including identity, workload, network, and audit log analysis.
- Proficiency with scripting or automation using Python, PowerShell, KQL, SQL, Bash, or similar languages to accelerate investigation, enrichment, and reporting workflows.
- Experience supporting regulated, audit-driven, or compliance-focused environments where evidence quality, control adherence, and repeatable processes are essential.
- Demonstrated ability to lead major incident bridges, coordinate cross-functional remediation, and communicate risk-based recommendations to senior stakeholders.
What We Offer
Competitive compensation package.
Flexible and remote-friendly work environment.
Professional growth and development opportunities.
Exposure to international projects and teams.
Collaborative and inclusive company culture.
Opportunity to work with modern technologies and innovative solutions.
Equal Opportunity Employer
Kairostek is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applications from qualified candidates regardless of race, ethnicity, gender, age, disability, religion, sexual orientation, or background.


