Keyrock · 16 hours ago
SOC Analyst (Level 2)
Keyrock is a leading change-maker in the digital asset space, known for its innovation and partnerships. As a SOC Analyst (Level 2), you will be responsible for handling complex investigations and active incidents, improving SOC quality, and mentoring Level 1 analysts.
Finance, FinTech, Crypto & Web3, Asset Management, Blockchain, Cryptocurrency, Financial Services
Responsibilities
Take escalations from L1 and independently investigate complex, multi-signal alerts (identity compromise, cloud control-plane abuse, endpoint persistence, lateral movement, suspicious automation, data exfiltration)
Perform deep log/telemetry analysis across SIEM, EDR, cloud logs, IAM signals, network telemetry, email security, and SaaS audit trails
Build and validate hypotheses, pivot across data sources, and produce clear incident timelines and scope assessments
Serve as technical incident lead for defined incident types/severities (or co-lead with IR), driving containment and eradication steps within authorized bounds
Execute and improve response playbooks for key scenarios (phishing/BEC, credential theft, token/key compromise, suspicious API activity, ransomware indicators, insider risk signals)
Coordinate evidence collection and preservation to support legal/compliance needs and potential third-party investigations
Enrich investigations with threat intel (IOCs, TTPs) and map observed behavior to frameworks (e.g., ATT&CK) to improve detection fidelity
Maintain watchlists and detection logic for priority threats relevant to cloud-first financial and digital-asset operations
Tune SIEM correlation rules, EDR policies, and alert thresholds to reduce false positives and increase signal quality
Propose and implement new detections for emerging techniques (identity + cloud abuse, OAuth/app consent attacks, API key leakage, CI/CD pipeline tampering)
Improve runbooks and automate repetitive enrichment steps (SOAR workflows, scripts, queries)
Provide mentorship and real-time guidance to L1 analysts; improve escalation quality through coaching and feedback
Manage shift handovers for active investigations and ensure high-quality case documentation
Contribute to SOC metrics (MTTD, MTTR, false-positive rate, escalation accuracy) and continuous improvement efforts
Qualifications
Required
2–5+ years of SOC / incident response / security operations experience (or equivalent hands-on experience in a fast-paced production environment)
Strong ability to investigate across cloud security operations, endpoint security, identity, and core network fundamentals
Proficiency with at least one SIEM and common SOC tooling (e.g., Splunk/Elastic/Sentinel; CrowdStrike/Defender; Jira/ServiceNow)
Ability to write clear incident documentation: timelines, scope, impact, containment actions, and recommended remediations
Comfort operating in an on-call or shift environment (depending on coverage model)
Preferred
Detection engineering experience: correlation rules, Sigma/KQL/SPL, alert pipelines, SOAR automation
DFIR fundamentals: triage acquisition, volatile vs. non-volatile evidence, endpoint artifact analysis
Container/Kubernetes logging and runtime security exposure
Practical scripting (Python/Bash) for analysis and automation
Digital-asset ecosystem exposure and 24/7 trading operations familiarity
Certifications (optional): GCIH, GCIA, GCED, SC-200, AWS Security Specialty, or equivalent
Company
Keyrock
Keyrock develops scalable, transparent proprietary algorithmic technologies to increase the liquidity of financial assets.
Funding
Current Stage: Growth Stage
Total Funding: $78.11M
Key Investors: Middlegame Ventures, SIX FinTech Ventures, Tenity, Volta Ventures
2022-11-30 · Series B · $72M
2020-10-29 · Series A · $5.02M
2020-04-20 · Seed
Company data provided by crunchbase