Senior SOC Analyst



Job Family


For over 80 years, GfK has been a reliable and trusted insight partner for the world’s biggest companies and leading brands who make a difference in every consumer’s life - and we will continue to build on this. We connect data, science and innovative digital research solutions to provide answers for key business questions around consumers, markets, brands and media. With our headquarters in Germany and a presence in around 60 countries worldwide, you benefit from our global company with a diverse community of ~9,000 employees.

Harnessing the power of our workforce, the greatest asset we have is our people. As part of GfK, you can take your future into your own hands. We value talent, skills and responsibility and support your development within our international teams. We are proud of our heritage and our future: Currently we are in the latter stages of a transformational journey from a traditional market research company to a trusted provider of prescriptive data analytics powered by innovative technology. This is only possible with extraordinary people and this is why we are looking for YOU to help create our future. For our employees as well as for our clients we pursue one goal: Growth from Knowledge!

Job Description

Mission of the role

The Senior Security Operations Analyst’s primary role is to detect and analyze data centrally collected from various sources such as Intrusion Detection Systems, Directory Services, Proxies, Anti-Virus systems etc. and manage security incidents that may occur. The Security Operations Analyst also serves as the point of contact for end users and Technology staff to report suspicious events. Also, the Senior SOC Analyst serves as the escalation point for the SOC analysts during initial investigations of security events of interest. After identifying a potential security incident, the Senior Security Operation Analyst handles and supports the containment, analysis and remediation of incidents of medium and major severity. 

Apart from reacting to potential security incidents, the Senior SOC analysts is actively hunting for threats in GfK’s environment, using dedicated security solutions or through means of advanced data analytics on the central security log management / SIEM solution. From the gained knowledge, the Senior SOC analyst builds advanced detection use cases on the SIEM platform, from managing the ingestion of required logs, creation of correlation rules and alerting, up to the creation and training of standard operations procedures for the SOC analysts and other relevant groups to appropriately react to these use cases. 

As a Senior SOC Analyst you will have the following key accountabilities:

  • React to security alerts and security events of interest from Splunk, IDS, endpoint protection and other security related systems

  • Threat hunting in GfK’s environment

  • Advanced data analytics in Splunk

  • Perform event and incident analysis and management escalated by the SOC

  • Define advanced SOC use cases. Coordinate implementation and support with hands-on building of rulesets

  • Advise on mid-term countermeasures. Provide input to IT Security prevention, detection and reaction strategy

  • Escalation point of contact for security incident notifications from SOC Analysts, service desks, IT engineers and administrators

  • React to reported suspicious emails and phishing attacks

  • Manage security incidents – mid to major severity

  • Escalate major incidents to InfoSec management

  • Perform data analytics in Splunk, including the definition and creation of Splunk security use cases (detection rules)

  • Provide rotational on-call services during off hours and weekends. 

Now that you know what a Senior SOC Analyst does, what skills, qualifications and experience do you need?


  • Demonstrate knowledge of industry security incident process frameworks such as SANS PICERL or NIST 800-61 

  • Ability to think like a hacker 

  • Able to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur

  • Detect malicious applications and network activity

  • Ability to perform hypothesis driven threat hunts

  • Knowledge of industry security frameworks including Critical Security Controls for Effective Cyber Defense, ISO27001, NIST800-53

  • Operating, using and writing detection use cases for SIEM (Splunk Enterprise Security preferred) 

  • Advanced working knowledge of security modules in Splunk or similar SIEM systems

  • Advanced working knowledge of security technologies including AV, endpoint protection, IDS, proxies, content filtering, application security, vulnerability management

  • Advanced technical understanding and knowledge of IT Security best practice, common attack types and detection/prevention methods, including CISecurity Benchmarks, OWASP and NIST guidelines, etc.

  • Analytical thinking & problem-solving skills

  • Good communication skills on technical and general level

  • Poise and ability to act calmly and competently in high-pressure, high-stress situations

  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity

  • High degree of initiative, dependability and ability to work with little supervision


  • Minimum of 4 years of relevant SOC experience, with at least one year focused on security incident response 

  • Experience of handling security incidents such as web application attacks, phishing, container, public cloud, vendor supply chain incidents, ransomware, emergency vulnerability management and account compromise  

  • Enthusiastic about the security industry and driven to continue learning and developing new skills 

  • Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business

  • A working knowledge of both the operations and digital technology environment

  • Working in a global enterprise environment

  • Strong experience in working on several projects simultaneously, ability to deliver projects on-time

  • Ability to travel, domestic or international, as required

  • One or more of the following certificates would be beneficial - GIAC certification/SANS training, GCIH, GCFA, GCFE, GNFA, GBFA, CCIM, GMON, GSEC

Join our team and benefit from the following advantages: 

  • Exciting work environment that brings people together

  • Use of the latest digital technologies

  • Initial and ongoing trainings to support your development

  • Opportunities for personal and professional growth

  • Competitive remuneration and bonus scheme linked to individual performance and company results

  • Flexible working hours and home office

  • 3 additional non-working days annually

  • Food vouchers

  • Health insurance

  • Discount program with external vendors

  • Eco friendly travelers are welcome to the office – parking places for bikers and free card for public transportation are available to all employees

  • Last but not least – GfK Sofia office is located close to the city centre and easily accessible from any point by public transportation – 47A Tsarisgradsko Shose Blvd

All documents will be treated in the strictest confidentiality.
Only short-listed candidates will be invited for an interview.

We are an ethical and honest company that is wholly committed to its clients and employees. We are proud to be an inclusive workplace for all and are committed to equal opportunity in employment which focuses on all of our employees reaching their full potential. At GfK we work collaboratively with our colleagues but offer a flexible working approach, including dividing our time between office & remote working as well as the opportunity to flex our working hours around team core hours.

We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit. We make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.

Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!

Posted: 12 days ago

City: Sofia

Work Area: IT

Job Time: Full Time

Requisition ID: R00012214