Security Operations Analyst (Secops) - €80.000 - €100.000 A Year

Security Operations Analyst (Secops) - €80.000 - €100.000 A Year
Viseu
Viseu, Viseu District, Portugal

Join to apply for the

Security Operations Analyst (Sec
Ops)

role at

Attio

Base pay range
Attio is on a mission to redefine CRM for the AI era. We’re building the first AI‑native CRM — designed for the most ambitious go‑to‑market teams. We recently announced our $52M Series B, led by GV (Google Ventures), with support from Redpoint, Balderton, Point Nine and 01A. Our team thrives on solving complex technical challenges, delighting our users, and setting a new standard for the industry.

About The Role
The

Security Operations Analyst

is a mission‑critical role within the Security, Infrastructure and Performance team, directly responsible for maintaining a vigilant and robust security posture for the entire organisation. This position focuses on the real‑time protection of all organisational assets, infrastructure, and data. The Analyst is the frontline defender, dedicated to ensuring business continuity and protecting the confidentiality, integrity, and availability of all critical resources.

Core Responsibilities and Duties

Security Monitoring, Triage & Improvement: Rapidly detect and prioritise active threats and vulnerabilities through continuous monitoring (SIEM, EDR, Cloud), ensuring that insights from root‑cause analysis and proactive threat hunting are directly fed back into the engineering process and used to refine detection capabilities.

Incident Response: Serve as the initial responder to security events. Rapidly analyse, classify, and prioritise reported or detected security incidents, determining the scope, severity, and potential impact to the platform.

Compliance: Enforce compliance with internal security policies and regulatory requirements, maintaining meticulous records of all detected security events, analysis findings, and incident response activities.

Competencies and Skills

Security Information and Event Management (SIEM) Platform Expertise

Must have: Hands‑on experience in the operation, administration, and ongoing maintenance of a major SIEM platform.

Desirable: Experience with Google Sec
Ops (formerly Chronicle), including advanced knowledge of data ingestion, rule creation, dashboard development, and optimisation for performance and cost‑effectiveness. The ability to leverage the platform for proactive threat hunting and complex query construction is expected.

Desirable: Proficiency in Google Sec
Ops (formerly Chronicle) SOAR tooling. This includes developing SOAR actions and workflows to automate alert triage, immediate incident mitigation, and response procedures.

Security Incident Response

Must have: Proven experience in the end‑to‑end development, documentation, and execution of comprehensive security incident response playbooks and procedures.

Must have: Practical experience in incident triage, containment, eradication, recovery, and post‑mortem analysis for a wide range of security events (e. G. , malware outbreaks, unauthorised access, data exfiltration, cloud compromises).

Desirable: The ability to lead and coordinate incident response efforts across cross‑functional teams under pressure is crucial.

Security Log and Network Analysis

Must have: Deep expertise in the analysis of security logs from diverse sources (e. G. , operating systems, firewalls, endpoint protection, cloud environments) to identify anomalies, indicators of compromise (IOCs), and root causes of incidents.

Must have: Expert‑level knowledge of common attack vectors, attacker methodologies (e. G. , MITRE ATT&CK framework), and techniques, tactics, and procedures (TTPs) used by various threat actors.

Desirable: Comprehensive understanding of network protocols (e. G. , TCP/IP, DNS, HTTP/S) and their associated traffic patterns to effectively detect malicious activity and understand its propagation.

Vulnerability Management

Must have: Solid familiarity with industry‑standard vulnerability scanning tools (e. G. , Nessus, Qualys, Rapid7, Trivy).

Desirable: Experience managing a vulnerability disclosure or bug bounty program. Testing disclosed vulnerabilities and working with external security researchers.

Desirable: Experience in establishing, running, and managing a continuous vulnerability management lifecycle, including scanning, reporting, prioritisation, and tracking of remediation efforts in coordination with engineering and system owner teams.

What We Offer

Equity in an early‑stage tech company on an incredible trajectory

Apple hardware

Team off‑site in fun places (Barcelona, Lisbon, Malta, Split)

Seniority level
Mid‑Senior level

Employment type
Full‑time

Job function
Information Technology

Industries
Software Development

Referrals increase your chances of interviewing at Attio by 2x.

Compensation Range: €80K - €100K

#J-18808-Ljbffr