Seeking a SOC Analyst to join a top-tier Incident Response team, defending digital assets for a large company. Responsibilities include investigating and responding to security incidents, analyzing phishing attacks, and utilizing XQL queries. Requires 1-3 years of SOC experience and a strong understanding of incident response methodology.
Job Description
Since 2011, SQUAD Group has been a key player in the cybersecurity landscape. We partner with leading organizations to protect their information systems through a comprehensive 360° offering of consulting, integration, expertise, and managed services.
Our mission: Securing Together!
We believe in a collaborative approach to cybersecurity, where experts and clients work hand-in-hand to anticipate threats and protect critical infrastructure.
As part of our growing team, we're seeking a SOC Analyst to join a top-tier Incident Response team, defending the digital assets of a company that connects hundreds of millions of people every month. The position is fully remote within Spain.
Your Role
You are a hands-on incident responder. From the moment an alert fires to final resolution, you investigate, contain, and document security incidents with rigor and autonomy. Phishing and email-based attacks make up a significant share of the workload, so a sharp eye for email analysis is essential.
Your Responsibilities
- Investigate and respond to security incidents across their entire lifecycle, from detection and triage through containment, root cause analysis, and closure.
- Analyze suspicious emails and phishing campaigns, leveraging header analysis and authentication standards (SPF, DKIM, DMARC).
- Respond to a variety of alert types, including malicious URLs and compromised domains.
- Apply and contribute to incident response playbooks, bringing analytical judgment to every investigation.
- Build and run XQL queries in the Palo Alto Cortex platform to support and accelerate investigations.
- Produce clear, structured incident documentation and escalate appropriately.
What You Bring
- 1–3 years of hands-on SOC experience with strong operational fundamentals.
- A solid grasp of incident triage and investigation methodology — you understand why an alert fired, not just how to close it.
- Practical experience analyzing phishing and email-borne threats.
- Familiarity with Palo Alto Cortex (XSIAM/XDR) and XQL is a strong asset; Microsoft Sentinel/KQL experience is also welcome.
- A rigorous, transparent approach to investigation — you verify before concluding.
- Genuine motivation to build a career in Incident Response.
Preferred Certifications: BTL1/BTL2, GIAC GCIH, Palo Alto Networks Cortex XDR/XSIAM certifications, Microsoft SC-200
Why Join Squad?
- Personalized Growth: We help you build a training and certification plan aligned with your professional goals through our SquadeXpérience.
- Expertise Development: Participate in internal events like our MixYourTalent webinars and monthly CTF sessions.
- Visibility: Attend major industry conferences and contribute to our #TheExpert technical blog.
- Culture: Enjoy a dynamic and close-knit environment with after-work events and team gatherings that foster great camaraderie.