€51,000 – €66,000MidFull Time
Northwave's SOC monitors, detects and responds to threats for organisations across Europe, 24/7. The team operates under real pressure in a high-trust environment where quality is measured in response times and detection accuracy. We are looking for a Deputy Lead who supports the Team Lead in running the operation and developing the team.
What you will do
You are the bridge between the analyst floor and leadership. You coordinate daily operations, mentor Tier 1 and Tier 2 analysts through complex cases, and step in as acting Team Lead when needed. You own operational standards together with the Team Lead, drive alerting optimisation, and regularly take queue work yourself to stay close to the team's reality.
Coordinate daily SOC operations, shift planning and escalations
Mentor analysts and review escalated security incidents
Lead incident response efforts and ensure proper documentation
Own SOC performance dashboards and KPIs with the Team Lead
Drive operational improvement and contribute to threat hunts
Technology and environment:
In addition to the core role, Your work will also require technical expertise in an environment where SOC Operations quality and operational reliability are essential:
· Understand log sources (Windows, Linux, network, cloud, EDR logs) and what “normal vs. abnormal” looks like.
· Understand Detection Rules, KQL Queries, scheduled analytics, and correlation rules.
· Have a strong hands on Incident Response experience, including Triage, containment, eradication and recovery procedures.
· Network Traffic Analysis
· Understand attacker TTPs: lateral movement, privilege escalation, command & control.
· Use of IR tooling (EDR, XDR, packet capture, forensics suites).
· Knowledge of common network protocols (DNS, HTTP/S, SMB, RDP) and how attackers pivot through networks
· Have an understanding of how vulnerabilities are scored, exposure management and prioritization, and how atackers weaponize vulnerabilities.
· Skilled in scripting with Python, Powershell, Bash, creating SOAR Playbooks (eg. In Sentinel, Swimlane)
· Technical awareness of Security Frameworks (NIST 800-61, ISO 27001, CIS Controls)
What we offer
Competitive salary, paid on the 25th, with annual review and 8% holiday allowance
Pension through Nationale Nederlanden, Northwave contributes 50%, including partner pension
25 vacation days plus all Dutch national holidays
Generous special leave for marriage, birth, bereavement, care and parental leave
Lease car based on salary scale (electric welcome), or choose €0.23/km plus 50% of the lease budget as mobility allowance
MacBook, phone and accessories fully provided
€200 net annual allowance for flexible and remote working
Alleo budget for sports, wellness and leisure of your choice
Learning budget from €700 to €1,200 per year, up to €4,500 for longer programmes
Referral bonus when you bring in a great new colleague
Hybrid working from a modern office in Utrecht
Personal growth through the Role Model and FeedForward cycle, your ambitions and development front and centre
What you bring
3+ years leading or coordinating teams in a SOC environment
Hands-on incident response experience (triage, containment, eradication)
Comfortable with detection engineering, KQL, EDR/XDR tooling and SOAR playbooks
Ability to translate complex technical situations into clear priorities
Strong communicator on the analyst floor and in leadership meetings
Relevant degree and fluent English
Interested?
If you are considering a next step where leadership, responsibility and technical development come together, we would love to talk. If you don’t meet every single requirement, we’d still be happy to receive your application
Contact Youri Roelofs at youri.roelofs@northwave-cybersecurity.com
