SOC L2 Analyst

Job Description

FP Markets Group of Companies is a well-established, multi-regulated broker, founded in Australia, offering traders access to CFD trading on Forex, Indices, Commodities, Stocks and Cryptocurrencies. We are growing and looking to recruit a full-time SOC L2 Analyst for our Cyprus office, a certified Great Place to Work®.

We're looking for a SOC L2 Analyst to take ownership of escalated alerts, lead investigations, and drive detection engineering across our security operations stack. You'll work hands-on with Wazuh, CrowdStrike, and osquery — digging into endpoints, correlating signals, and turning incidents into hardened detections.

What You'll Work With: Wazuh · CrowdStrike Falcon · osquery · MITRE ATT&CK · Sigma / YARA · Python · PowerShell

Reporting to: Head of Security and Infrastructure

Responsibilities:

  • Triage and investigate escalations from L1, including EDR, SIEM, and threat intel alerts
  • Lead incident investigations end-to-end — scoping, containment, eradication, recovery
  • Perform host and endpoint forensics: process trees, persistence, lateral movement, artifacts
  • Analyze suspicious binaries and scripts; identify malware behavior and IOCs
  • Tune and develop detections in Wazuh and CrowdStrike — rules, custom queries, response actions
  • Write and maintain osquery packs for fleet-wide investigation and continuous monitoring
  • Hunt proactively for threats using EDR telemetry, logs, and threat intelligence
  • Produce clear incident reports — technical findings, timeline, root cause, recommendations
  • Contribute to playbooks, runbooks, and post-incident reviews
  • Partner with IT, infrastructure, and engineering teams on remediation and hardening

Candidate profile:

  • 3+ years in SOC, incident response, or threat hunting roles (L2 level)
  • Hands-on production experience with Wazuh — rules, decoders, agents, integrations
  • Hands-on CrowdStrike Falcon experience — investigations, RTR, custom IOAs
  • Strong osquery skills — writing queries, building packs, fleet-wide hunts
  • Solid understanding of malware behavior, common TTPs, and the MITRE ATT&CK framework
  • Investigation experience across Windows, Linux, and macOS endpoints
  • Log analysis and correlation across endpoint, network, identity, and cloud sources
  • Familiarity with reverse engineering concepts — static and dynamic analysis basics
  • Experience with fraud detection and incident response
  • Scripting in Python, PowerShell, or Bash

Nice to Have:

  • Digital forensics experience — disk, memory, timeline analysis (Volatility, Velociraptor, KAPE)
  • Deeper reverse engineering skills (IDA, Ghidra, x64dbg)
  • Detection engineering with Sigma, YARA
  • Cloud incident response (AWS, GCP, Azure)
  • Threat intelligence and IOC pivoting (MISP, OpenCTI, VirusTotal)
  • Certifications — GCIH, GCFA, GCFE, GREM, OSCP, CrowdStrike CCFA / CCFR
  • Experience in regulated environments (fintech, financial services)

Our offer:

  • A certified Great Place to Work®, reflecting our commitment to a positive culture, employee well-being, and support
  • Welcoming, young and multicultural team with approachable leadership
  • Ability to contribute to a dynamic business in a growth phase
  • High level of autonomy, support for your ideas, and the opportunity to turn your expertise into best practices for the company
  • Continuous personal development, a training budget, growth with the company and the opportunity to learn from industry leaders
  • Competitive remuneration, regular salary reviews and performance-based incentive schemes
  • Vibrant company life: from team activities to global celebrations
  • New beautiful office in an easily accessible location with company-provided fruits, breakfasts and lunches
  • Free access to multiple sports and wellness facilities across the country
  • Free company-provided parking
  • Medical insurance and pension fund after the probation period
  • A gift and a day off on your birthday
  • Visa and work permit support if required

Journey to FP Markets:

  • Interview with People Function member (30 - 45 min) to assess match to our culture
  • Interview with your future manager (45 min - 1 hour) to assess match to the job and the team and discuss role expectations

Join our team and be a part of a professional, rapidly growing company operating in a multicultural environment!
