SOC L2 Analyst

Posted 13 Days Ago
Limassol, CYP
In-Office
Mid level
Fintech • Payments • Financial Services
The Role
The SOC L2 Analyst will investigate alerts, lead incident responses, develop detections, perform forensics, and collaborate with teams to improve security measures.
Summary Generated by Built In

FP Markets Group of Companies is a well-established multi-regulated broker, founded in Australia, offering traders access to CFD trading on Forex, Indices, Commodities, Stocks and Cryptocurrencies. We are growing and looking to recruit a full-time SOC L2 Analyst for our Cyprus office, a certified Great Place to Work®.

We're looking for a SOC L2 Analyst to take ownership of escalated alerts, lead investigations, and drive detection engineering across our security operations stack. You'll work hands-on with Wazuh, CrowdStrike, and osquery — digging into endpoints, correlating signals, and turning incidents into hardened detections.

What You'll Work With: Wazuh · CrowdStrike Falcon · osquery · MITRE ATT&CK · Sigma / YARA · Python · PowerShell

Reporting to: Head of Security and Infrastructure

Responsibilities:

  • Triage and investigate escalations from L1, including EDR, SIEM, and threat intel alerts
  • Lead incident investigations end-to-end — scoping, containment, eradication, recovery
  • Perform host and endpoint forensics: process trees, persistence, lateral movement, artifacts
  • Analyze suspicious binaries and scripts; identify malware behavior and IOCs
  • Tune and develop detections in Wazuh and CrowdStrike — rules, custom queries, response actions
  • Write and maintain osquery packs for fleet-wide investigation and continuous monitoring
  • Hunt proactively for threats using EDR telemetry, logs, and threat intelligence
  • Produce clear incident reports — technical findings, timeline, root cause, recommendations
  • Contribute to playbooks, runbooks, and post-incident reviews
  • Partner with IT, infrastructure, and engineering teams on remediation and hardening

Candidate profile:

  • 3+ years in SOC, incident response, or threat hunting roles (L2 level)
  • Hands-on production experience with Wazuh — rules, decoders, agents, integrations
  • Hands-on CrowdStrike Falcon experience — investigations, RTR, custom IOAs
  • Strong osquery skills — writing queries, building packs, fleet-wide hunts
  • Solid understanding of malware behavior, common TTPs, and the MITRE ATT&CK framework
  • Investigation experience across Windows, Linux, and macOS endpoints
  • Log analysis and correlation across endpoint, network, identity, and cloud sources
  • Familiarity with reverse engineering concepts — static and dynamic analysis basics
  • Experience with fraud detection and incident response
  • Scripting in Python, PowerShell, or Bash

Nice to Have:

  • Digital forensics experience — disk, memory, timeline analysis (Volatility, Velociraptor, KAPE)
  • Deeper reverse engineering skills (IDA, Ghidra, x64dbg)
  • Detection engineering with Sigma, YARA
  • Cloud incident response (AWS, GCP, Azure)
  • Threat intelligence and IOC pivoting (MISP, OpenCTI, VirusTotal)
  • Certifications — GCIH, GCFA, GCFE, GREM, OSCP, CrowdStrike CCFA / CCFR
  • Experience in regulated environments (fintech, financial services)

Our offer:

  • A certified Great Place to Work®, reflecting our commitment to a positive culture, employee well-being, and support
  • Welcoming, young and multicultural team with approachable leadership
  • The ability to contribute to a dynamic business in its growth phase
  • A high level of autonomy, support for your ideas, and the chance to turn your expertise into the company's best practices
  • Continuous personal development, training budget, growth with the company and opportunity to learn from industry leaders
  • Competitive remuneration, regular salary reviews and performance-based incentive schemes
  • Vibrant company life: from team activities to global celebrations
  • A new, beautiful office in an easily accessible location with company-provided fruit, breakfasts and lunches
  • Free access to multiple sports and wellness facilities across the country
  • Free company-provided parking
  • Medical insurance and pension fund after probation period
  • A gift and a day off on your Birthday
  • Visa and work permit support if required

Journey to FP Markets:

  • Interview with People Function member (30 - 45 min) to assess match to our culture
  • Interview with your future manager (45 min - 1 hour) to assess match to the job and the team and discuss role expectations

Join our team and be a part of a professional, rapidly-growing company operating in a multicultural environment!

The Company
Sydney, NSW
278 Employees
Year Founded: 2005

What We Do

FP Markets is an online Forex and CFD provider which was founded in Australia in 2005. We offer traders access to CFDs across Forex, Indices, Commodities, Stocks, Bonds, ETFs & Digital Currencies on consistently tighter spreads in unparalleled trading conditions. FP Markets is a multi-regulated broker and holder of ASIC, CySEC, FSA, FSCA, FSC licenses. Please refer to www.fpmarkets.com for more information about our group entities. This information is not intended for distribution to/use by any person in any country where such distribution/use would be contrary to local laws.
