12 days ago

SOC Analyst

Keyrock

Hybrid
Full Time
€55,000

Job Overview

Job Title: SOC Analyst
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: €55,000
Location: Hybrid


Job Description

About Keyrock

Since our beginnings in 2017, Keyrock has grown to be a leading change-maker in the digital asset space, renowned for our partnerships and innovation. Today, we boast over 200 team members globally, representing 42 nationalities, with backgrounds spanning from DeFi natives to PhDs. Predominantly remote, we maintain hubs in London, Brussels, Singapore, and Paris, fostering strong team cohesion through regular online and offline hangouts.

We actively trade on more than 80 exchanges and collaborate with a wide array of asset issuers. As an established market maker, our expertise has driven rapid expansion. Our services now encompass market making, options trading, high-frequency trading, OTC, and DeFi trading desks, alongside digital asset management. Keyrock is strategically expanding to become a full-service financial institution through both organic innovation and inorganic growth.

More than just a service provider, we are an initiator and pioneer. We lead the adoption of the Rust programming language for our algorithmic trading systems and champion its use industry-wide. We support Web3 startups through our Accelerator Program, enhance ecosystems by injecting liquidity into promising DeFi, RWA, and NFT protocols, and advance the industry through our research and governance initiatives. At Keyrock, we are not just envisioning the future of digital assets; we are actively building it.

Role Summary

As a SOC Analyst, you will serve as the first line of defense, monitoring, triaging, and escalating security alerts within Keyrock's cloud-first, high-availability trading environment. Your role involves diligently following established playbooks and runbooks to validate alerts, enrich investigations with crucial context, and ensure prompt escalation to Level 2 Incident Response teams.

What You’ll Do (Core Responsibilities)

  • 24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; accurately identify false positives versus credible threats and assign appropriate severity levels.
  • Conduct initial investigation and enrichment by gathering relevant logs/telemetry, adding context, and meticulously documenting findings within the case/ticketing system.
  • Ensure timely escalation and coordination of confirmed or suspected incidents to L2/IR teams, providing a complete handoff including timeline, scope, IOCs, and actions taken.
  • Execute runbooks and SOPs for common security events such as phishing, suspicious logins, endpoint detections, cloud key/token risks, malware alerts, and data exfiltration signals, including authorized containment actions.
  • Perform threat-aware analysis by mapping alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to enhance understanding and improve escalation quality.
  • Maintain operational hygiene through accurate shift handovers, updating watchlists and investigation notes, and identifying recurring alert patterns to recommend tuning improvements.

What We’re Looking For (Minimum Qualifications)

  • 0–2 years of experience in a SOC, security monitoring, or IT operations role, or equivalent hands-on experience gained through internships or labs.
  • Practical knowledge of fundamental security concepts including networking, DNS, HTTP(S), identity/authentication, and basic malware analysis.
  • Familiarity with log investigation and event triage methodologies.
  • Experience with common security tools and workflows, such as SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing systems (Jira/ServiceNow), or basic SOAR concepts.
  • Strong written communication skills, capable of producing clear, concise, and escalation-ready tickets and timelines.
  • Ability to work rotating shifts or on-call as required, including weekends and holidays, depending on the coverage model.

Nice To Have (Preferred)

  • Exposure to cloud security platforms (AWS/GCP/Azure), including experience with CloudTrail/Activity Logs, IAM analysis, and detection of token/key misuse.
  • Familiarity with incident response frameworks and processes, such as NIST incident response guidance.
  • Exposure to detection engineering concepts (e.g., rule tuning, false-positive reduction) or basic scripting skills (Python/Bash) for investigation automation.
  • Knowledge of the digital-asset ecosystem, including exchanges, custody concepts, and operational risks within 24/7 trading environments.
  • Relevant certifications such as Security+, Blue Team Level 1, SSCP, or equivalent practical training.
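The triage loop described in the core responsibilities above (validate the alert, enrich it with context, map it to an ATT&CK technique, assign a severity, hand off with timeline, scope and IOCs) and the CloudTrail/IAM and key-misuse analysis listed under the preferred qualifications, as an added Python example. This is not code from the posting or from Keyrock's tooling. The events, principal names, trail name and IP addresses are constructed; the failure threshold and the rule-to-technique mappings are assumptions chosen for illustration, not a tuned detection set.

```python
"""Triage a batch of CloudTrail-style events into escalation-ready findings:
validate each event against a few small rules, enrich it with the principal,
source IP and timeline, map it to a MITRE ATT&CK technique, assign severity,
and render the L2 handoff (scope, IOCs, timeline) with handoff()."""
from collections import defaultdict
from dataclasses import dataclass, field

FAIL_THRESHOLD = 5  # assumed; a real SOC tunes this per alert source
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


def _ev(ts, name, user, ip, **extra):
    """Build a minimal CloudTrail-shaped event; extra keys are merged in."""
    return {"eventTime": ts, "eventName": name,
            "userIdentity": {"userName": user}, "sourceIPAddress": ip, **extra}


# Constructed sample batch (invented principals and trail name, RFC 5737 IPs):
# five failed console logins, a non-MFA success from the same IP, an access key
# minted for another user, the trail being stopped, then an unrelated clean login.
ATTACKER_IP = "203.0.113.7"
SAMPLE_EVENTS = [
    _ev(f"2024-05-03T02:1{i}:00Z", "ConsoleLogin", "trader-ops", ATTACKER_IP,
        responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication")
    for i in range(5)
] + [
    _ev("2024-05-03T02:16:00Z", "ConsoleLogin", "trader-ops", ATTACKER_IP,
        responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "No"}),
    _ev("2024-05-03T02:18:00Z", "CreateAccessKey", "trader-ops", ATTACKER_IP,
        requestParameters={"userName": "ci-deploy"}),
    _ev("2024-05-03T02:19:00Z", "StopLogging", "trader-ops", ATTACKER_IP,
        requestParameters={"name": "org-trail"}),
    _ev("2024-05-03T09:00:00Z", "ConsoleLogin", "alice", "198.51.100.20",
        responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "Yes"}),
]


@dataclass
class Finding:
    technique: str  # ATT&CK technique ID
    name: str       # ATT&CK technique name
    severity: str
    principal: str
    source_ip: str
    timeline: list = field(default_factory=list)  # eventTime values supporting it
    note: str = ""


def triage(events):
    """Run the rules over a batch in time order and return the findings."""
    failures = defaultdict(list)  # (source IP, principal) -> failed-login times
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ts, name, ip = ev["eventTime"], ev["eventName"], ev.get("sourceIPAddress", "?")
        user = ev.get("userIdentity", {}).get("userName", "unknown")
        key = (ip, user)
        if name == "ConsoleLogin" and ev.get("responseElements", {}).get("ConsoleLogin") != "Success":
            failures[key].append(ts)
            if len(failures[key]) == FAIL_THRESHOLD:  # fire once, at the threshold
                findings.append(Finding("T1110", "Brute Force", "High", user, ip,
                                        list(failures[key]), f"{FAIL_THRESHOLD} failed console logins"))
        elif name == "ConsoleLogin":
            if len(failures[key]) >= FAIL_THRESHOLD:  # the brute force appears to have worked
                findings.append(Finding("T1078", "Valid Accounts", "Critical", user, ip,
                                        failures[key] + [ts], "success after brute-force pattern"))
            elif ev.get("additionalEventData", {}).get("MFAUsed") == "No":
                findings.append(Finding("T1078", "Valid Accounts", "Medium", user, ip,
                                        [ts], "console login without MFA"))
        elif name == "CreateAccessKey":
            target = ev.get("requestParameters", {}).get("userName", user)
            if target != user:  # key minted for someone else: persistence via a new credential
                findings.append(Finding("T1098.001", "Additional Cloud Credentials", "High",
                                        user, ip, [ts], f"access key created for {target}"))
        elif name in ("StopLogging", "DeleteTrail", "UpdateTrail"):
            trail = ev.get("requestParameters", {}).get("name", "?")
            findings.append(Finding("T1562.008", "Disable or Modify Cloud Logs", "Critical",
                                    user, ip, [ts], f"{name} on trail {trail}"))
    return findings


def handoff(findings):
    """Render the escalation summary: overall severity, scope, IOCs, timeline."""
    if not findings:
        return "No findings; batch closed as benign."
    top = max(findings, key=lambda f: SEVERITY_RANK[f.severity])
    principals = ", ".join(sorted({f.principal for f in findings}))
    iocs = ", ".join(sorted({f.source_ip for f in findings}))
    lines = [f"Severity: {top.severity}  Principals: {principals}  IOC IPs: {iocs}", "Timeline:"]
    for f in findings:
        lines.append(f"  {f.timeline[-1]}  {f.technique} {f.name} [{f.severity}] "
                     f"{f.principal}@{f.source_ip}: {f.note}")
    return "\n".join(lines)
```

Running `print(handoff(triage(SAMPLE_EVENTS)))` yields four findings in time order (brute force, the success that follows it, the key minted for another principal, the trail being stopped) under a single Critical header listing the one attacker IP as the IOC; the clean MFA login produces nothing. The brute-force rule fires once, exactly at the threshold, so a noisy source does not generate one ticket per extra failure, and the success-after-failures rule keeps the earlier failure timestamps in its timeline so the L2 handoff carries the whole sequence rather than just the final event.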

What Success Looks Like (First 60–90 Days)

  • Consistently make accurate triage decisions supported by strong documentation and clean escalations.
  • Maintain reliable shift handovers and achieve a measurable reduction in re-opened or incomplete cases.
  • Provide clear recommendations for detection and playbook improvements based on identified recurring patterns.

Why Keyrock

Work in a fast-moving, globally distributed environment that is actively shaping the future of digital financial markets. Join a culture that champions ownership, continuous learning, and constant improvement.

Key skills/competency

  • SIEM
  • EDR
  • Cloud Security
  • Incident Response
  • Threat Triage
  • Network Security
  • Endpoint Detection
  • Log Analysis
  • MITRE ATT&CK
  • Cybersecurity Operations

Tags:

SOC Analyst
Security Monitoring
Alert Triage
Incident Investigation
Threat Analysis
Runbook Execution
Log Analysis
Security Operations
Escalation
Documentation
Operational Hygiene
SIEM
EDR
Splunk
Elastic
Sentinel
CrowdStrike
Defender
Jira
ServiceNow
AWS
GCP
Azure
Python
Bash


How to Get Hired at Keyrock

  • Research Keyrock's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, especially their focus on digital assets and Web3.
  • Highlight relevant experience: Customize your resume to emphasize any SOC, security monitoring, or IT operations experience, including internships or hands-on labs.
  • Showcase security fundamentals: Prepare to discuss practical knowledge of networking, DNS, HTTP(S), identity/authentication, and basic malware concepts during interviews.
  • Detail tool familiarity: Be ready to demonstrate your experience with SIEM (Splunk/Elastic), EDR (CrowdStrike/Defender), and ticketing systems like Jira/ServiceNow.
  • Emphasize communication and availability: Practice clear, concise written and verbal communication for incident reporting, and confirm your ability to work rotating shifts and on-call.
