L3 SOC Analyst – Incident Response & Forensics (Azure)

Thales is a global technology leader trusted by governments institutions and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of defence and security aerospace and space cybersecurity and digital identity were driven by a mission to build a future we can all trust.

In Romania we are advancing innovation through software engineering research and development delivering solutions in key markets in which Thales Group operates. Our engineers design develop and integrate solutions that impact global industries from fully operational systems and subsystems for naval warfare and maritime security operations to air traffic management systems satellite-based solutions tactical indoor simulations identity and biometric technologies and more.

SOC Analyst Incident Response & Forensics

Ready to engineer the future with Thales Romania Join a passionate global team driving front-line innovation in AI aerospace security and beyond!

We are looking for a SOC Analyst focused on proactive threat hunting digital forensics and Azure cloud investigations within the SOC that can provide temporary backup to SOC analysts when needed including occasional night work to join our team.

Key Responsibilities:

• Conduct hypothesis-driven threat hunts across Azure environments using Microsoft Sentinel and Microsoft Defender.
• Perform advanced digital forensics malware analysis and incident timeline reconstruction.
• Document threat hunting playbooks and reflex sheets; mentor SOC analysts to increase maturity on this scope.
• Provide temporary backup to L2 analysts on demand including nights/on-call if required.
• Collaborate with the build/use case factory teams on new detection use cases scope increase and purple-team style exercises.

Required Skills & Experience:

• Mandatory: Deep expertise in Microsoft Sentinel (KQL) and Microsoft Defender; strong Azure security knowledge (identities networking workloads).
• Advanced threat hunting techniques (including MITRE ATT&CK) and data forensics (memory disk and log analysis).
• Proficiency in scripting (PowerShell Python) and strong documentation skills for repeatable processes.

Nice to have:

• GitLab JFrog Artifactory Kubernetes/AKS YARA/Sigma rules.

Qualifications:

• Incident response threat hunting or digital forensics with hands-on Azure experience.

Certifications:

• SC-200 (Microsoft Security Operations Analyst)
• AZ-500 (Azure Security Engineer)
• AZ-104 (Azure Administrator)
• GCIH and/or GCFA are strong pluses.

Soft skills:

• Teamwork
• Problem solving
• Time managements
• Attention to detail
• Communication

At Thales were committed to fostering a workplace where respect trust collaboration and passion drive everything we do. Here youll feel empowered to bring your best self thrive in a supportive culture and love the work you do. Join us and be part of a team reimagining technology to create solutions that truly make a difference for a safer greener and more inclusive world.