MCPNew: now works with Claude & AI assistants
Provido Global

Provido Global

Security Operations Manager

Company

Provido Global

Role

Security Operations Manager

Location

Limassol, Cyprus

Job type

-

Found on Mokaru

2 days ago

Share this job

Salary

Not disclosed by employer

Job description

About Kairostek

At Kairostek, we believe great technology starts with great people.

We foster a culture of innovation, collaboration, and continuous growth, empowering our team to make a meaningful impact while building solutions that shape the future. Our teams work across software engineering, artificial intelligence, cloud infrastructure, cybersecurity, digital products, payments technology, and technology operations to deliver scalable and innovative solutions for global organizations.

If you are passionate about technology, problem-solving, and continuous learning, we would love to hear from you.

About the Role

The SOC Analyst (L2) is responsible for performing in-depth security investigations, validating escalated alerts, coordinating incident response actions, and improving detection quality within the Security Operations Center. This role is suited to experienced cybersecurity professionals who can independently analyze endpoint, network, identity, cloud, and SIEM telemetry to determine incident scope, impact, root cause, and required containment actions. The analyst supports enterprise protection by leading complex investigations, enriching cases with threat intelligence, guiding L1 analysts, maintaining response playbooks, and ensuring accurate documentation for operational reporting, compliance, and audit purposes. The role is based on-site and requires effective participation in a structured, shift-based Follow-The-Sun operating model with global stakeholders and technical teams.

Key Responsibilities

  • Investigate and validate escalated security alerts from L1 analysts across SIEM, endpoint, network, email, identity, and cloud security platforms.
  • Perform deep-dive analysis of suspicious activity, including log correlation, endpoint telemetry review, network traffic analysis, user behavior assessment, and threat intelligence enrichment.
  • Classify incidents by severity, determine scope and business impact, identify indicators of compromise, and recommend appropriate containment, eradication, and recovery actions.
  • Coordinate incident response activities with infrastructure, endpoint, identity, cloud, application, and regional business teams in accordance with defined runbooks and escalation procedures.
  • Support proactive threat hunting by querying security telemetry, identifying anomalous patterns, and validating hypotheses based on emerging threats and internal attack trends.
  • Improve detection quality by recommending SIEM correlation rule tuning, alert logic enhancements, suppression criteria, and playbook updates to reduce false positives and improve response effectiveness.
  • Provide technical guidance, quality checks, and investigation feedback to L1 SOC analysts to improve triage consistency, evidence collection, and escalation quality.
  • Document investigation findings, timelines, evidence, response decisions, lessons learned, and remediation recommendations in ticketing and case management systems for audit and reporting purposes.
  • Support 24/7 SOC operations through structured shift handovers, major incident communication, service level adherence, and participation in Follow-The-Sun operations.
  • Maintain awareness of current threat activity, attacker techniques, and sector-relevant risks affecting financial services, retail, logistics, and multinational operating environments.

Qualifications & Experience

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or a related discipline, or equivalent practical experience.
  • 3–5 years of hands-on experience in a SOC, incident response, security monitoring, threat analysis, network operations, or related cybersecurity role.
  • Practical experience investigating escalated alerts and security incidents using SIEM, EDR, email security, identity, firewall, proxy, vulnerability, and cloud security telemetry.
  • Strong understanding of networking, Windows and Linux operating systems, authentication flows, identity and access management, malware behavior, phishing, ransomware, credential theft, and lateral movement techniques.
  • Ability to correlate events across multiple data sources, establish incident timelines, identify root cause, assess severity, and recommend containment and remediation actions.
  • Experience working with incident response procedures, SOC playbooks, escalation paths, case management tools, and evidence documentation standards.
  • Ability to communicate clearly with technical teams, business stakeholders, and management during investigations, escalations, and shift handovers.
  • Working proficiency in English is required to support multinational stakeholders, global operations, and formal incident documentation.
  • Availability to work on-site in Limassol, Cyprus and support rotational or shift-based schedules where required.

Preferred

  • Professional certifications such as CompTIA Security+, CySA+, CEH, Microsoft SC-200, AZ-500, GCIA, GCIH, or equivalent cybersecurity credentials.
  • Experience mentoring L1 analysts, reviewing escalations, improving triage quality, and contributing to SOC knowledge base articles or playbooks.
  • Hands-on experience with Microsoft Defender, Sentinel, Splunk, QRadar, CrowdStrike, Palo Alto, Fortinet, Proofpoint, or comparable SOC technologies.
  • Exposure to scripting or query languages such as KQL, SPL, SQL, Python, or PowerShell for investigation, enrichment, automation, or reporting purposes.
  • Understanding of MITRE ATT&CK, cyber kill chain concepts, threat intelligence sources, detection engineering fundamentals, and incident response lifecycle practices.
  • Experience supporting compliance-focused environments where investigation evidence, control adherence, auditability, and reporting accuracy are mandatory.
  • Ability to remain calm under pressure, manage multiple active investigations, and make sound escalation decisions during high-severity incidents.

What We Offer

Competitive compensation package.

Flexible and remote-friendly work environment.

Professional growth and development opportunities.

Exposure to international projects and teams.

Collaborative and inclusive company culture.

Opportunity to work with modern technologies and innovative solutions.

Equal Opportunity Employer

Kairostek is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applications from qualified candidates regardless of race, ethnicity, gender, age, disability, religion, sexual orientation, or background.

Resume ExampleCover Letter Example

Explore more