Website Cybernetic Defense Solutions

Your Mission: Defend, Detect, Respond

As an Information Security Engineer at HelvetiSec, you will be a key technical defender in our Security Operations Center. Moving beyond Tier 1 alert triage, you will conduct deep-dive investigations, manage complex security incidents, and engineer improvements to our defensive stack. Your work ensures the confidentiality, integrity, and availability of our clients’ sensitive data and systems, directly upholding the trust placed in Swiss-based enterprises.

You will be responsible for transforming raw security data into actionable intelligence, automating response playbooks, and contributing to the architectural evolution of our security platform. This role is a blend of hands-on technical response, client-facing consultation, and continuous improvement.


Core Responsibilities & Key Result Areas

1. Advanced Threat Detection & Incident Response

  • Serve as a primary escalation point for advanced security incident investigation and containment efforts.

  • Perform forensic analysis on endpoints, networks, and cloud environments (AWS, Azure) to determine the scope and root cause of security breaches.

  • Lead and document the response to incidents following our ISO 27001-aligned incident response plan.

  • Develop and refine detection rules (SIEM queries, YARA rules) to identify novel attack techniques and reduce false positives.

2. Security Infrastructure Management & Engineering

  • Manage, configure, and optimize our core security stack: SIEM (Splunk/Sentinel), EDR/XDR (CrowdStrike/Microsoft Defender), Firewalls (Palo Alto/Fortinet), IDS/IPS, and Cloud Security Posture Management tools.

  • Engineer and automate security workflows using Python or PowerShell to improve SOC efficiency (SOAR principles).

  • Implement and maintain vulnerability management processes, prioritizing remediation based on risk for client environments.

  • Conduct security architecture reviews for client projects and provide hardening recommendations.

3. Client Advisory & Compliance Support

  • Prepare and present detailed incident reports and threat intelligence briefings to client technical and management teams.

  • Assist clients in meeting industry-specific regulatory requirements (e.g., FINMA circulars, HIPAA for pharma clients, ISO 27001).

  • Contribute to penetration test scoping and review findings to guide mitigation efforts.

4. Threat Intelligence & Proactive Defense

  • Monitor open and closed-source threat intelligence feeds relevant to our client sectors.

  • Conduct threat hunting activities based on intelligence and internal data to find latent threats.

  • Research emerging adversary Tactics, Techniques, and Procedures (TTPs) and assess their relevance to our client base.


Candidate Profile: The Expertise We Seek

Mandatory Qualifications & Experience

  • Education: Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or an equivalent technical field.

  • Experience: Minimum of 4 years of professional experience in a security operations (SOC), incident response, or security engineering role.

  • Technical Proficiency (Hands-on experience required):

    • SIEM & Log Analysis: Advanced query writing and investigation in Splunk, Elastic Stack, Microsoft Sentinel, or similar.

    • Endpoint & Network Security: Deep operational knowledge of EDR tools (CrowdStrike, SentinelOne, Microsoft Defender) and Next-Generation Firewalls.

    • Core IT Concepts: Expert understanding of networking (TCP/IP, DNS, VPNs), operating systems (Windows/Linux), and cloud platforms (AWS, Azure).

    • Scripting/Automation: Proficiency in at least one scripting language (Python strongly preferred) for task automation and tool integration.

  • Language: Professional fluency in English (working language). German or French language skills are a significant advantage for client interaction.

Highly Valued Certifications & Skills

  • Industry certifications such as GIAC (GCIA, GCIH, GCFA), OSCP, CySA+, or CISSP.

  • Practical experience with digital forensics and incident response (DFIR) methodologies and tools.

  • Knowledge of Swiss or European data protection laws (FADP, GDPR).

  • Experience in securing environments within financial services, healthcare, or international organizations.

Personal Attributes for Success

  • Analytical & Calm Under Pressure: Ability to dissect complex attacks and lead response efforts during high-stress situations.

  • Client-Oriented & Communicative: Can translate technical threats into business risk for non-technical stakeholders.

  • Proactive & Curious: A natural investigator who enjoys learning about new technologies and adversary methods.

  • Ethical & Discreet: Unwavering integrity, capable of handling highly confidential information.


The HelvetiSec Offer: Life & Career in Switzerland

We provide a comprehensive, competitive package designed for a professional relocating to Switzerland.

  • Compensation & Financial Benefits:

    • Competitive Swiss-market salary (CHF 110,000 – 140,000 range, based on experience).

    • Annual performance bonus.

    • Full visa sponsorship and comprehensive administrative support for you and your immediate family (residency permits, registration).

    • Relocation allowance to assist with moving costs.

  • Lifestyle & Wellbeing:

    • Prime Zürich location with excellent public transport links.

    • Hybrid work model supporting work-life balance.

    • Five weeks of annual paid vacation in accordance with Swiss standards.

    • Premium Swiss health insurance (obligatory) with premium partially covered by the company.

    • Pension fund (BVG/LPP) contribution.

  • Career Growth:

    • Clear path to Senior Engineer, Threat Hunter, or SOC Lead positions.

    • Generous annual training budget for conferences, courses, and certifications.

    • Opportunity to work on diverse, high-stakes challenges for a global clientele from one of the world’s safest and most stable economies.


Application Process for Visa Sponsorship

Our process is designed to be transparent and supportive for international candidates.

  1. Initial Application: Submit your CV (in English) and a tailored cover letter via our portal. In your cover letter, please explicitly state your need for visa sponsorship and your eligibility to work in Switzerland (e.g., non-EU/EFTA citizenship).

  2. Screening & Skills Assessment: Successful candidates will complete a short, practical technical assessment online to evaluate core competencies.

  3. First Interview (Virtual): A 60-minute interview with the Head of Security Operations, focusing on technical depth and incident response scenarios.

  4. Second Interview (Virtual/In-Person): A panel interview with team members and HR, focusing on cultural fit, client communication, and long-term goals. This includes a detailed discussion about the visa and relocation process.

  5. Reference & Background Check.

  6. Formal Offer & Visa Initiation: Upon acceptance, we will immediately initiate the Swiss work permit application process (Aufenthaltsbewilligung), providing all necessary documentation and legal support. Your start date will be contingent on permit approval.

Senior SOC Analyst Cybernetic Defense Solutions Switzerland 

To apply for this job please visit t.co.