This position has been filled

L3 SOC Analyst – Incident Response & Forensics (Azure)
Job Description
Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of defence and security, aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.
In Romania, we are advancing innovation through software engineering, research and development, delivering solutions in key markets in which Thales Group operates. Our engineers design, develop and integrate solutions that impact global industries – from fully operational systems and subsystems for naval warfare and maritime security operations, to air traffic management systems, satellite-based solutions, tactical indoor simulations, identity and biometric technologies and more.
SOC Analyst – Incident Response & Forensics
Ready to engineer the future with Thales Romania? Join a passionate global team driving front-line innovation in AI, aerospace, security, and beyond!
We are looking for a SOC Analyst to join our team, focused on proactive threat hunting, digital forensics, and Azure cloud investigations within the SOC, who can provide temporary backup to SOC analysts when needed, including occasional night work.
Key Responsibilities:
- Conduct hypothesis-driven threat hunts across Azure environments using Microsoft Sentinel and Microsoft Defender.
- Perform advanced digital forensics, malware analysis, and incident timeline reconstruction.
- Document threat hunting playbooks and reflex sheets; mentor SOC analysts to increase maturity on this scope.
- Provide temporary backup to L2 analysts on demand, including nights/on-call if required.
- Collaborate with the build/use case factory teams on new detection use cases, scope increase and purple-team style exercises.
Required Skills & Experience:
- Mandatory: Deep expertise in Microsoft Sentinel (KQL) and Microsoft Defender; strong Azure security knowledge (identities, networking, workloads).
- Advanced threat hunting techniques (including MITRE ATT&CK) and data forensics (memory, disk, and log analysis).
- Proficiency in scripting (PowerShell, Python) and strong documentation skills for repeatable processes.
Nice to have:
- GitLab, JFrog Artifactory, Kubernetes/AKS, YARA/Sigma rules.
Qualifications:
- Incident response, threat hunting, or digital forensics, with hands-on Azure experience.
Certifications:
- SC-200 (Microsoft Security Operations Analyst)
- AZ-500 (Azure Security Engineer)
- AZ-104 (Azure Administrator)
- GCIH and/or GCFA are strong pluses.
Soft skills:
- Teamwork
- Problem solving
- Time management
- Attention to detail
- Communication
At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.
Job Details
- Category: Business & Finance
- Employment Type: Temporary
- Location: Bucharest
- Posted: Jan 28, 2026, 07:00 PM
- Listed: Jan 29, 2026, 03:39 AM
- Last updated: Feb 12, 2026, 04:00 AM