Senior SOC engineer

Merelbeke, Belgium

At spotit, we go beyond monitoring – we empower our clients to stay ahead of cyber threats. For a major player in the Belgian utilities sector, we are looking for a Senior SOC Engineer to join a dedicated OneTeam group – a close collaboration between our client and spotit.

In this role, you will help build a smart and scalable SOC environment that supports both proactive and reactive cybersecurity efforts. You’ll contribute to planning, building, and improving the SOC setup, while playing a critical role in advanced incident response (L2-L3), automation, and process optimization. Your expertise will directly shape how threats are detected, analyzed, and neutralized.

This is more than a job – it’s a mission to strengthen the digital safety of critical infrastructure.

What will you do?

  • Design and build automated playbooks in platforms like Cortex XSOAR
  • Develop API integrations with external systems to support security use cases
  • Maintain and improve existing automation pipelines and custom tooling
  • Provide support in incident response, forensic investigations, and root cause analyses
  • Drive process improvements within the SOC to boost detection and response capabilities
  • Advise analysts on complex incidents and guide them with technical expertise
  • Help build a smarter, more efficient and scalable SOC environment
  • Participate in the on-call rotation to ensure 24/7 coverage for critical incidents
  • Collaborate with spotit’s SOC for L1 support – your focus will be on L2-L3 response


A day in the life of a SOC engineer

You start your day with a short sync with the OneTeam group – security specialists from both spotit and our client align priorities and share updates on the latest developments. A complex alert catches your attention: a suspicious pattern in log data suggests lateral movement. You dive in, coordinate with the L1 team, and build a tailored Cortex XSOAR playbook to handle similar cases faster in the future.

Later in the day, you improve an existing automation flow to reduce false positives and help a junior analyst navigate a critical alert. You end your day testing a new API integration you built for the threat intel platform – saving hours of manual work per week. It’s not just technical work – it’s meaningful impact.

Your profile

  • Proven experience as a Security Engineer, preferably within a SOC environment
  • Strong knowledge of Python and scripting for automation purposes
  • Experience with Cortex XSOAR or similar SOAR platforms
  • In-depth understanding of incident response, SIEM/SOAR workflows, and log analysis
  • Skilled in API development (RESTful APIs, JSON, etc.)
  • Familiar with security frameworks like MITRE ATT&CK
  • Able to work independently and within a collaborative team environment
  • Strong communication skills in Dutch and English


Nice to have:

  • Experience with SIEM, EDR, or XDR platforms
  • Knowledge of cloud security (Azure, AWS, GCP)
  • Familiarity with infrastructure-as-code and CI/CD pipelines


“This isn’t your typical SOC role. At spotit, and especially in this OneTeam setup, we get to shape how security works at scale – we’re not just reacting to threats, we’re building the future of proactive defense.”
Bob, SOC Practice Lead


Our offer

Match made in heaven? We reward that!

  • Competitive salary: enhanced with numerous benefits.
  • Company car with charging pass: so you’re covered on the road.
  • Hybrid work environment: avoid traffic jams.
  • Continuous learning opportunities: a wide range of training options to keep you growing.
  • Legendary team-building activities: quarterly fun events that have become the stuff of spotit legends.
  • A passionate team of experts: ready to share their knowledge and passion for what they do best.

Tags: APIs Automation AWS Azure CI/CD Cloud EDR GCP Incident response JSON Log analysis MITRE ATT&CK Monitoring Python Scripting SIEM SOAR SOC XDR XSOAR

Perks/benefits: Career development Competitive pay Equity / stock options Team events

Region: Europe
Country: Belgium
