Senior SOC Analyst

At Nortal, we believe in thinking big – creating solutions that have a meaningful, far-reaching impact, whether through digitizing governments, improved healthcare, convenient telecom services, or creating a competitive edge and agility for large businesses, industry, and manufacturing companies. Our projects have touched more than half a billion people's lives worldwide, and we're just getting started.

To keep our global operations secure and resilient, we're expanding our cybersecurity team. We are seeking a Senior SOC Analyst who ensures early detection, efficient response, and in-depth analysis of cybersecurity incidents across Nortal's global environments. You will strengthen our detection and response capabilities, contribute to proactive threat management, and support the professional growth of SOC operations and junior analysts.

You will play a central role in building and evolving Nortal's hybrid SOC capability - in cooperation with managed service providers (MDR/SOCaaS), cloud operations teams, and internal stakeholders. Help shape the future of Nortal's global security operations while supporting the evolution of our SOC maturity roadmap.

• Identify, investigate, and resolve cybersecurity incidents and alerts across Nortal's environments (M365, Azure, AWS, and on-premises).
• Provide detailed analysis, containment, and remediation recommendations.
• Conduct post-incident investigations to identify attack vectors, exploited vulnerabilities, and process gaps.
• Perform forensic acquisition and analysis of digital evidence (system images, network logs, malware samples).
• Execute proactive threat-hunting operations across corporate and cloud systems.
• Leverage hypothesis-driven detection and behavioural analytics to uncover stealthy threats.
• Contribute to the continuous improvement of detection rules and monitoring logic.
• Maintain and enhance SOC monitoring, alerting, and response workflows, ensuring optimal performance of SOC tools (EDR, SIEM, NDR, and log analytics).
• Analyse malware samples, campaigns, and adversary behaviours targeting Nortal or its clients.
• Conduct internal knowledge-sharing sessions and contribute to playbook development.
• Document incident-handling procedures, investigation steps, and conclusions.

• 5+ years of experience in Security Operations, Incident Response, or Threat Hunting.
• Strong understanding of attack vectors, network protocols, and Windows/Linux internals.
• Experience with SIEM, EDR, and log analysis (e.g., Microsoft Sentinel, Defender, Wazuh).
• Proven experience conducting forensics and root cause analysis.
• Excellent written and verbal communication in English.

Bonus Skills

• Knowledge of Azure and AWS security tooling.
• Familiarity with MITRE ATT&CK framework.
• Scripting or automation skills (Python, PowerShell).
• Previous exposure to SOCaaS or MDR coordination.

Why Nortal?

• We hire people not only for their skills but also for cultural add. We live by our values: commit to delivering value and results, take ownership, empower yourself and others, and own your future and growth. Besides our professionalism, we like to spice things up with good humor.
• We care about your growth & development. At Nortal, we support constant improvement and knowledge sharing. In addition to the external and internal training, we have a well-established mentorship program and strong 1:1 culture.
• We prioritize your health & well-being by providing a flexible package for health insurance and sports initiatives.
• We support your work-life balance and provide flexible working hours.
• It's your choice whether you want to work from the office or remotely within Estonia.
• We have also launched the Nortal Nomad program for people wanting to move short-term to some other country.