SOC Tier 2 - Threat Responder

Wondercom – 25+ years of excellence in Telecommunications & Network Solutions

Wondercom is expanding its footprint in the cybersecurity domain and we are looking for a Cybersecurity Threat Responder to join our team supporting the Vodafone Business Customer Security Operations Centre (VB SOC) in Portugal.

If you want to be part of a new, high-impact project with international exposure, this is your opportunity.

Role Purpose

As a Tier 2 Cybersecurity Threat Responder, you will play a key role in protecting our clients’ critical assets by proactively identifying, analysing, and mitigating security threats. You will work closely with L1 and L3 teams, ensuring strong incident response, continuous improvement of SOC processes, and maintaining the confidentiality, integrity, and availability of sensitive information.

Main Responsibilities

• Handle proactive and reactive multichannel customer interactions, ensuring an excellent customer experience.
• Analyse security incidents, determining severity, impact, and root cause.
• Improve monitoring, investigation, and incident response procedures.
• Support L1 analysts and collaborate with L3 experts for process and platform enhancement.
• Maintain clear documentation of incidents and response actions.
• Stay current on cybersecurity threats, trends, and tools.
• Promote security best practices and awareness internally.

Core Competencies & Experience

• 1–2 years’ experience in a standard SOC (security monitoring, incident handling or analysis).
• Hands-on experience with SIEM (e.g., Google SecOps, Splunk, QRadar, Chronicle), EDR (e.g., Trend, MS Defender, Crowdstrike).
• Solid understanding of firewalls (Fortinet, Palo Alto, CheckPoint), SSE/SASE, cloud security, WAF, DLP, malware protection, threat intelligence.
• Knowledge of attacker TTPs, MITRE ATT&CK / Shield.
• Familiarity with malware analysis tools, SOAR and open-source threat intelligence.
• Strong analytical mindset, attention to detail and problem-solving ability.

Qualifications

• Bachelor’s degree in Electronics, Computer Engineering or similar.
• Preferably certified in GIAC GCIH, CySA+, SIEM/SOAR, SASE/SSE, firewalls.
• Networking certifications (e.g., CCNA) are a plus.
• Fluent in English and Portuguese (customer support).
• Ethical, motivated, collaborative, and eager to learn.

What We Offer

• Monday–Friday schedule: 09h00–18h00
• On-call availability required (approx. 1 week/month)
• Hybrid work model – Parque das Nações, Lisbon
• Initial training on tools and processes
• International environment with interaction across global SOCs
• Opportunity to join a major cybersecurity project starting in Portugal
• Career development in a growing cybersecurity practice