Your digital journey starts here!
Create. Grow. Deliver our story to millions.
#BTCode, where technology meets creativity. Code is our universal language and innovation is the fuel that propels us into the future. 🚀
Join Banca Transilvania’s Security Operations Center and help us protect millions of customers by detecting and stopping cyberattacks before they cause harm. If you’re passionate about cybersecurity, thrive on solving complex problems, and want to make a real impact, this is your opportunity.
- Office location: Bucharest or Cluj‑Napoca
- Work schedule: 24/7/365 SOC coverage with alternating shifts and days off (12/24, 12/48).
What You’ll Do
- Monitor enterprise networks, endpoints, and cloud environments using advanced security tools (SIEM, EDR/XDR, WAF, firewalls, IDS/IPS, email/web security gateways, NAC).
- Investigate and handle security incidents end-to-end: confirm incident, collect evidence, contain, coordinate eradication and recovery, document & report, ensure resolution within SLAs.
- Engage external Incident Response retainer when required and collaborate until final resolution.
- Analyze suspicious artifacts using multiple sandboxing tools.
- Create, refine and maintain SOC use cases and alerts aligned to MITRE ATT&CK; continuously tune detections, thresholds, and automation to improve fidelity.
- Recommend event correlation improvements; propose detection logic improvements.
- Collaborate with infrastructure, application, risk, and security engineering teams to validate findings, coordinate remediation, and improve security posture.
- Maintain and improve operational documentation, investigation notes, and playbooks.
- Participate in war rooms, internal reviews, side projects, and initiatives requiring SOC expertise; stay current on cybersecurity trends, emerging threats, and best practices, sharing knowledge with the team.
What We’re Looking For
- Experience: Hands-on work in a 24/7 SOC or Incident Response team, with strong skills in alert triage, investigation, and incident handling. Hands-on experience with SIEM, EDR/XDR, WAF, IDS/IPS, firewalls and email/web security gateways; previous experience in telco network ops, enterprise sysadmin, cloud engineering, DB admin or web development is a plus.
- Technical Foundation: Solid understanding of TCP/IP, DNS, email/web protocols, encryption, Windows/Linux/Unix internals, Active Directory, and log analysis across multiple sources.
- Threat & Malware Knowledge: Familiarity with malware behavior, emerging threats and threat actor tactics; experience with malware triage and sandbox analysis.
- Detection Engineering: Ability to write and tune SIEM/XDR queries, design use cases, and reduce false positives while maintaining coverage.
- Automation & Scripting is a plus: familiar with Python, PowerShell, or shell scripting; exposure to SOAR workflows.
- Cloud & Modern Stacks: Experience investigating alerts in cloud environments (Azure, AWS) and working with AV, WAF, IDS/IPS, proxies, email/web gateways, and load balancers.
- Soft Skills: Analytical mindset, attention to detail, clear communication, diplomacy under pressure, and sound decision-making.
- Education & Certifications: Degree in Computer Science or related field (or equivalent experience); certifications like Security+, CEH, or SANS (GCIH, GCFA, GCFE, GREM, GPEN, GXPN) are a plus.
- Work Style: Organized, proactive, collaborative, and adaptable to changing priorities.
- Language: Proficient in English.
Ready to venture into this technological journey?
If you want to find out what other jobs we still have available, or to learn about Life at BT and #Culture BT, you can also access the Bank's career website: https://cariere.bancatransilvania.ro/

