About us
At Principal33 we strive to make happiness at work a reality. Because it's not just about the money, it's also about the work environment and appreciation. It's about creating the best team setup you can imagine and getting involved in the things you're passionate about. And you can be a part of it, because it's fun to get things done
Overview
The Security Analyst is responsible for monitoring, analysing, and investigating security
events across the organisation's technology environment. The role focuses on threat detection, alert triage, incident investigation, and security analysis, working closely with SOC partners, incident response teams, and security engineering functions.
This is an
operational security analysis role,
not a security engineering or platform ownership
position
Key Responsibilities
* Security Monitoring & Threat Detection
Monitor security alerts and events generated by endpoint, network, and cloud security tools.
Analyse detections from platforms such as CrowdStrike, SIEM, and other security controls.
Validate alerts to distinguish true security incidents from false positives.
Identify malicious activity, suspicious behaviour, and policy violations.
* Incident Investigation & Response Support
Perform in-depth investigation of security events requiring local analysis.
Lead L2-level investigations escalated from MSSPs or L1 analysts.
Collect and analyse endpoint, log, and contextual data to determine scope and impact.
Support incident response activities, including: Evidence gathering, timeline reconstruction, root cause analysis.
Escalate confirmed incidents appropriately and collaborate with stakeholders during response.
* Threat Intelligence Consumption & Analysis
Consume and analyse threat intelligence from internal and external sources.
Understand attacker techniques, tools, and campaigns relevant to the organisation.
Use threat intelligence to: Enrich investigations, improve alert interpretation, provide context during incidents.
Share relevant intelligence insights with security and technology teams.
* MSSP & Detection Operations Support
Act as the internal escalation point for tickets received from MSSP partners.
Review MSSP findings, validate conclusions, and determine next actions.
Establish and follow clear procedures for handling security detections that require local investigation.
Provide feedback to improve detection quality and reduce noise.
* SIEM & Detection Content Support
Support day-to-day use of the SIEM and detection platforms from an analyst perspective.
Validate log visibility and detection effectiveness for investigation needs.
Assist with: Detection testing, alert tuning recommendations, use-case validation.
Work with security engineering teams to improve monitoring coverage.
* Vulnerability & Exposure Analysis (Analyst Context)
Analyse vulnerability and exposure information when it is relevant to:
Active incidents: Threat actor activity, exploitability during investigations.
Assist in validating whether vulnerabilities are being exploited in the environment.
Escalate high-risk or actively exploited vulnerabilities to appropriate remediation owners.
* Reporting & Communication
Document investigations clearly and accurately.
Produce incident and investigation reports suitable for technical and non-technical audiences.
Communicate risk and findings effectively to security leadership and technical teams.
Contribute to post-incident reviews and lessons learned.
Required Experience & Skills
* Experience working as a Security Analyst or SOC Analyst (L2 level or equivalent).
* Strong investigation and analytical skills.
* Hands-on experience with endpoint detection and response tools (e.g. CrowdStrike).
* Understanding of: common attack techniques and threat actor behaviours, log analysis and alert triage, incident response processes.
* Ability to work calmly and methodically during security incidents.
Desirable Skills
* Experience working with MSSPs or hybrid SOC models.
* Familiarity with SIEM platforms and detection logic.
* Basic understanding of vulnerability and exploit concepts.
* Experience supporting incident response exercises or simulations.