12 days ago

SOC Analyst

Keyrock

Hybrid
Full Time
$80,000

Job Overview

Job Title: SOC Analyst
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $80,000
Location: Hybrid


Job Description

About Keyrock

Since our beginnings in 2017, Keyrock has grown to be a leading change-maker in the digital asset space, renowned for our partnerships and innovation. Today, we boast over 200 team members globally, representing 42 nationalities, from DeFi natives to PhDs. Predominantly remote, we maintain hubs in London, Brussels, Singapore, and Paris, fostering team cohesion through regular online and offline hangouts.

We actively trade on more than 80 exchanges and collaborate with a diverse array of asset issuers. As a well-established market maker, our distinctive expertise has fueled rapid expansion. Our services now encompass market making, options trading, high-frequency trading, OTC, DeFi trading desks, and digital asset management. Keyrock is committed to expanding its footprint as a full-service financial institution through both organic innovation and strategic growth.

More than just a service provider, we are an initiator. Keyrock pioneers the adoption of the Rust Development language for our algorithmic trading systems and champions its industry-wide use. We support the growth of Web3 startups via our Accelerator Program, upgrade ecosystems by injecting liquidity into promising DeFi, RWA, and NFT protocols, and advance the industry through our research and governance initiatives. At Keyrock, we are not just envisioning the future of digital assets; we are actively building it.

Role Summary

As a SOC Analyst (Level 1) at Keyrock, you will serve as the initial line of defense, responsible for monitoring, triaging, and escalating security alerts within our cloud-first, high-availability trading environment. Your role involves executing established playbooks and runbooks to validate alerts, enrich investigations with essential context, and ensure timely escalation to our Level 2/Incident Response teams.

What You’ll Do (Core Responsibilities)

  • 24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling, identifying false positives versus credible threats and assigning appropriate severity.
  • Initial investigation and enrichment, gathering relevant logs/telemetry, adding context, and meticulously documenting findings in the case/ticketing system.
  • Escalating confirmed or suspected incidents quickly and cleanly to L2/IR with a complete handoff, including timeline, scope, Indicators of Compromise (IOCs), and actions taken.
  • Runbook execution for common events such as phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, and data exfiltration signals, including authorized containment actions.
  • Threat-aware analysis, mapping alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to enhance understanding and improve escalation quality.
  • Operational hygiene, maintaining accurate shift handovers, updating watchlists and investigation notes, and identifying recurring alert patterns for tuning recommendations.

What We’re Looking For (Minimum Qualifications)

  • 0–2 years of experience in a SOC, security monitoring, or IT operations role, or equivalent hands-on experience through internships or labs.
  • Practical knowledge of security fundamentals including networking, DNS, HTTP(S), identity/authentication, and basic malware analysis.
  • Familiarity with log investigation and event triage concepts.
  • Familiarity with common security tools and workflows, such as SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing systems (Jira/ServiceNow), and basic SOAR concepts.
  • Strong written communication skills to produce clear, escalation-ready tickets and timelines.
  • Ability to work rotating shifts/on-call, including weekends and holidays, as required by the coverage model.

Nice To Have (Preferred)

  • Cloud security exposure (AWS/GCP/Azure): experience with CloudTrail/Activity Logs, IAM analysis, and detections for token/key misuse.
  • Familiarity with incident response frameworks/processes (e.g., NIST incident response guidance).
  • Exposure to detection engineering concepts (rule tuning, false-positive reduction), or basic scripting abilities (Python/Bash) for investigation automation.
  • Knowledge of the digital-asset ecosystem, including exchanges, custody concepts, and operational risk within 24/7 trading environments.
  • Relevant certifications such as Security+, Blue Team Level 1, SSCP, or equivalent practical training.

What Success Looks Like (First 60–90 Days)

  • Consistently accurate triage decisions with strong documentation and clean escalations.
  • Reliable shift handovers and a measurable reduction in re-opened or incomplete cases.
  • Clear recommendations for detection and playbook improvements based on recurring patterns.

Why Keyrock

  • Work in a fast-moving, globally distributed environment that is actively shaping the future of digital financial markets.
  • A culture that champions ownership, continuous learning, and ongoing improvement.

Key skills/competencies

  • Security Monitoring
  • Alert Triage
  • Incident Response
  • SIEM
  • EDR
  • Cloud Security
  • Log Analysis
  • Threat Detection
  • Network Security
  • Cybersecurity

Tags:

SOC Analyst
Security Operations Center
Cyber Security Analyst
security monitoring
alert triage
incident response
threat detection
log analysis
SIEM
EDR
cloud security
vulnerability management
security operations
Splunk
Elastic
Sentinel
CrowdStrike
Defender
Jira
ServiceNow
AWS
GCP
Azure
Python
Bash


How to Get Hired at Keyrock

  • Research Keyrock's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, focusing on their pioneering work in digital assets and Rust.
  • Tailor your SOC Analyst resume: Highlight experience with SIEM/EDR, cloud security, and incident triage, aligning with Keyrock's high-availability trading environment.
  • Showcase security fundamentals: Prepare to discuss networking, DNS, HTTP(S), identity/authentication, and malware basics with practical examples.
  • Demonstrate a proactive mindset: Emphasize your ability to identify false positives, enrich investigations, and suggest improvements for detection and playbooks.
  • Understand Keyrock's industry: Research digital asset markets, high-frequency trading, and Web3 to show relevant domain interest.
