Security Analyst | Cloud & Security Tooling | Global Data Platform

The Role

This is a broad, hands-on security role sitting within a growing technology function, where you’ll act as the local security presence in Sofia while working closely with a London-based InfoSec leadership team.

You won’t be operating as a front-line SOC analyst. Instead, you’ll oversee and challenge an outsourced SOC and MSSP, take ownership of security tooling, and help mature security processes across the business. The emphasis is on judgment, pragmatism, and understanding security in the context of a real-world commercial environment.

You’ll be trusted to think before you act, balance risk with business impact, and help shape how security operates as the organisation scales.

What They’re Looking For (Non-Negotiables)

You will bring a broad security background rather than a narrow, tool-specific or purely SOC-focused profile. Specifically, you will have:

- Incident response experience, with a calm, considered approach to containment and escalation
- Security operations experience, including working with or alongside a SOC or MSSP
- Vulnerability management experience, with the ability to assess risk rather than blindly patch everything
- Firewall and network security understanding, including how traffic flows and controls are applied
- The ability to document processes clearly so others can follow them
- Strong communication skills and confidence working with both technical and non-technical stakeholders
- A mindset focused on sense-checking alerts, recommendations, and vendor output rather than taking everything at face value

What You’ll Work With

You’ll be exposed to a modern, cloud-first security stack and will help ensure the tools are configured and used in a way that genuinely suits the business:

- Azure cloud environments
- EDR tooling (e.g. SentinelOne, CrowdStrike equivalents)
- SIEM platforms and log sources (including upcoming migrations and improvements)
- Vulnerability management tooling
- Web Application Firewall technology
- Email security platforms
- MITRE ATT&CK framework for threat mapping and alert quality
- Pen test outputs, security findings, and remediation planning

You won’t be expected to know every tool listed, but you need to understand the concepts behind them.

Nice to Haves

- Experience improving SOC alerts or tuning detections beyond default settings
- Exposure to cloud security posture management or container security
- Familiarity with patching strategies, cadence decisions, and risk-based remediation
- Experience working in environments where security supports delivery rather than blocks it
- An active interest in security news and emerging threats, with the ability to translate that into business relevance

Why Join / Projects

- Be the first dedicated security hire based in Sofia, with real ownership and visibility
- Work closely with senior InfoSec leadership rather than being buried in a ticket queue
- Shape how an outsourced SOC is run, challenged, and improved
- Drive process maturity across incident response, vulnerability management, and alerting
- Join a culture where security is about enablement, pragmatism, and trust — not knee-jerk reactions
- Play a key role as the wider technology function grows in Bulgaria

Employee Benefits

- Hybrid working model (Sofia office 2 days a month)
- Competitive local market salary
- Paid annual leave
- Pension contributions
- Flexible approach to incidents (time back rather than rigid on-call rotas)
- Exposure to a global technology and security function