Stott and May
Security Operations Center Analyst
Belgium, 1 day ago
Contract, Information Technology

First-Line SOC Analyst (Freelance)


Location: On-site — Brussels

Contract Type: Freelance / Independent Contractor

Eligibility: EU Nationality required (client access restriction)

Start: ASAP

Role Overview

We are looking for a hands-on First-Line SOC Analyst to join our cybersecurity operations in Brussels. You will be working in a dynamic SOC environment where ~50–60% of your time will be dedicated to first-level alert monitoring, analysis, and escalation. The remaining time will involve supporting SOC improvements through use-case development, scripting, automation, reporting, and collaboration with the wider CSIRT function.

Key Responsibilities

  • Perform initial alert triage, investigation, and escalation within the SOC
  • Monitor and analyze logs and security events using Splunk
  • Work within TheHive for incident case management
  • Contribute to SOC tuning, use-case development, and detection improvements
  • Support automation workflows (e.g., Tines) when needed
  • Assist in reporting and knowledge base updates
  • Remain proactive on emerging threats, IOCs, and adversary techniques

Required Skills & Experience

  • ~6 years total in IT, with ~3 years in cybersecurity
  • Solid experience with SIEM (preferably Splunk)
  • Familiarity with incident management platforms (e.g., TheHive)
  • Ability to script for automation (PowerShell / Python / Bash)
  • Basic understanding of EDR tools (e.g., Bitdefender Gravity)
  • Knowledge of digital forensics fundamentals, especially in Windows environments
  • Cybersecurity certification + incident response or digital forensics certification (GCFA, GCFE, ECIH, OffSec IR-200, etc.)
  • English at C1 level
