SOC Incident Response Analyst

Pune, IN

AkzoNobel


About AkzoNobel

Since 1792, we’ve been supplying the innovative paints and coatings that help to color people’s lives and protect what matters most. Our world class portfolio of brands – including Dulux, International, Sikkens and Interpon – is trusted by customers around the globe. We’re active in more than 150 countries and use our expertise to sustain and enhance the fabric of everyday life. Because we believe every surface is an opportunity. It’s what you’d expect from a pioneering and long-established paints company that’s dedicated to providing sustainable solutions and preserving the best of what we have today – while creating an even better tomorrow. Let’s paint the future together.

For more information please visit www.akzonobel.com

© 2024 Akzo Nobel N.V. All rights reserved.

Job Purpose

Cyber security is a top priority for AkzoNobel, as for any global organization operating in cyberspace. Our objective is to protect our information and digital assets (IT and OT) by reducing our cyber risk exposure so that we can pursue our business objectives.

As part of the new cyber security strategy, supported by the ExCo, we have recently redefined our security governance in line with the evolution of the threat landscape and modern best practices. The new Information Security function, under the responsibility of the CISO and part of IT, is responsible for information and cyber security across the entire organization, covering Cyber Risk Management & Compliance, Security Architecture, Security Operations, and Cyber Security Awareness and Training.

Security Operations, led by the Security Operations Manager, covers all operational aspects of cyber security within the second line of defense, including the three core cyber security processes: Vulnerability Management, Security and Threat Monitoring, and Cyber Security Incident Response.

We are looking for a seasoned and proactive SOC Incident Response Analyst to join our Cybersecurity Operations team. This role manages the alerts and incidents escalated by the managed security service provider (MSSP) end to end, from investigation through containment and remediation.

Key Activities

Incident Command: Act as the Incident Commander during security incidents, ensuring timely and effective resolution of alerts triaged by the Managed Security Service Provider (MSSP).

Investigation & Analysis: Conduct detailed investigations into security alerts to determine the scope, impact, and root cause of incidents. Utilize Microsoft Defender, Sentinel, and Azure tools for analysis and incident management.

Remediation & Containment: Provide clear and actionable remediation and containment instructions to IT and relevant teams to mitigate and resolve security incidents. Ensure all stakeholders are aligned in restoring operations while preventing further escalation.

Crisis Management Support: Support crisis management during high-severity incidents, ensuring effective communication and status reporting.

Automation Integration: Assist with automation and hyper-automation tooling to improve incident response efficiency. Participate in the design and implementation of automated workflows that accelerate threat detection, investigation, containment, and remediation.

Incident Documentation: Maintain accurate incident records, including detailed timelines, incident impact assessments, and post-incident analysis reports. Ensure compliance with internal and regulatory requirements for incident documentation.

Collaboration & Communication: Work closely with internal IT teams, external MSSP providers, and other stakeholders to ensure a coordinated response to incidents.

Continuous Improvement: Conduct post-incident reviews to identify lessons learned and propose improvements to response processes. Work with the security operations team to enhance detection, investigation, and remediation capabilities.

These responsibilities are paired with the key technologies (and associated skills) used in the company environment:

  • Microsoft Defender Suite (Endpoint, Identity, Office, Cloud Apps)
  • Zscaler Technologies, including ZIA and ZPA
  • Microsoft Sentinel and Azure Logic Apps (automation and orchestration)
  • Nozomi (OT/IoT network visibility and threat detection)

Familiarity with API integrations, automation scripting (PowerShell, KQL), and incident enrichment techniques is highly desirable.
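As an added example (it is not AkzoNobel's or any MSSP's code), the following Python script shows the correlation and enrichment step that sits between the MSSP's triaged alerts and the incident commander's record: alerts that share a device or account are merged into one incident, ATT&CK technique IDs are pulled out of the alert text, a time-ordered timeline and dwell time are built for the incident documentation, and a draft containment checklist is produced for the IT teams. The alert records are constructed sample data in a simplified shape loosely modelled on Microsoft Defender XDR alert fields; the field names, the sample values and the containment wording are assumptions, not the real export schema or a company runbook. In the environment described here the same logic would typically run as a Sentinel playbook (Logic App) or a PowerShell automation; Python is used so the example runs stand-alone.

```python
"""Correlate MSSP-escalated alerts into enriched incident records.

Added example, not AkzoNobel or MSSP code. Alert dictionaries are constructed
sample data loosely modelled on Microsoft Defender XDR alert fields.
"""
import re
from datetime import datetime

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
# ATT&CK IDs arrive inside free text such as "LSASS Memory (T1003.001)".
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Constructed queue: two alerts on one host, a third tied to the same account
# from elsewhere, and one unrelated phishing click on another host.
SAMPLE_ALERTS = [
    {"AlertId": "a1", "Title": "Suspicious LSASS access", "Severity": "Medium",
     "Timestamp": "2024-05-03T08:12:00Z", "DeviceName": "pc-ops-17", "AccountName": "jdoe",
     "AttackTechniques": ["OS Credential Dumping (T1003)", "LSASS Memory (T1003.001)"]},
    {"AlertId": "a2", "Title": "Lateral movement via SMB admin share", "Severity": "High",
     "Timestamp": "2024-05-03T08:40:00Z", "DeviceName": "pc-ops-17", "AccountName": "svc-backup",
     "AttackTechniques": ["Remote Services: SMB/Windows Admin Shares (T1021.002)"]},
    {"AlertId": "a3", "Title": "Anomalous sign-in from new location", "Severity": "Low",
     "Timestamp": "2024-05-03T07:55:00Z", "DeviceName": "", "AccountName": "jdoe",
     "AttackTechniques": ["Valid Accounts (T1078)"]},
    {"AlertId": "a4", "Title": "Phishing URL clicked", "Severity": "Medium",
     "Timestamp": "2024-05-03T09:05:00Z", "DeviceName": "pc-fin-02", "AccountName": "asmith",
     "AttackTechniques": ["Phishing (T1566)"]},
]


def parse_ts(ts):
    """Timestamps are assumed to be UTC ISO-8601 with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def extract_techniques(alert):
    """Sorted ATT&CK IDs named anywhere in the alert's AttackTechniques strings."""
    found = set()
    for entry in alert.get("AttackTechniques", []):
        found.update(TECHNIQUE_RE.findall(entry))
    return sorted(found)


def entity_keys(alert):
    """Entities whose reuse across alerts pulls them into the same incident."""
    keys = set()
    if alert.get("DeviceName"):
        keys.add(("device", alert["DeviceName"].lower()))
    if alert.get("AccountName"):
        keys.add(("account", alert["AccountName"].lower()))
    return keys


def containment_checklist(devices, accounts, techniques):
    """Draft containment steps for IT; a human approves before anything runs."""
    steps = [f"Isolate {d} from the network (Defender for Endpoint device isolation)" for d in devices]
    steps += [f"Disable {a}, revoke its sessions and reset its credentials" for a in accounts]
    if any(t.startswith("T1003") for t in techniques):  # credential dumping observed
        steps.append("Treat credentials cached on the affected devices as compromised; rotate them")
    return steps


def build_incident(group):
    """Enrich one correlated group: max severity, techniques, entities, timeline, dwell."""
    ordered = sorted(group, key=lambda a: parse_ts(a["Timestamp"]))
    severity = max(ordered, key=lambda a: SEVERITY_RANK.get(a["Severity"], 0))["Severity"]
    techniques = sorted({t for a in ordered for t in extract_techniques(a)})
    devices = sorted({a["DeviceName"] for a in ordered if a.get("DeviceName")})
    accounts = sorted({a["AccountName"] for a in ordered if a.get("AccountName")})
    first, last = parse_ts(ordered[0]["Timestamp"]), parse_ts(ordered[-1]["Timestamp"])
    return {
        "alert_ids": [a["AlertId"] for a in ordered],
        "severity": severity, "techniques": techniques,
        "devices": devices, "accounts": accounts,
        "first_seen": ordered[0]["Timestamp"],
        "dwell_minutes": int((last - first).total_seconds() // 60),
        # One line per alert in time order: the skeleton of the incident record.
        "timeline": [f"{a['Timestamp']} {a['AlertId']} [{a['Severity']}] {a['Title']}" for a in ordered],
        "containment": containment_checklist(devices, accounts, techniques),
    }


def correlate(alerts):
    """Union-find over shared entities; incidents return highest priority first."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i

    first_owner = {}
    for idx, alert in enumerate(alerts):
        for key in entity_keys(alert):
            if key in first_owner:
                parent[find(idx)] = find(first_owner[key])
            else:
                first_owner[key] = idx
    groups = {}
    for idx in range(len(alerts)):
        groups.setdefault(find(idx), []).append(alerts[idx])
    incidents = [build_incident(g) for g in groups.values()]
    return sorted(incidents, key=lambda i: (-SEVERITY_RANK[i["severity"]], i["first_seen"]))
```

Calling `correlate(SAMPLE_ALERTS)` collapses the sign-in, LSASS and SMB alerts into one High incident with a 45-minute dwell time and four ATT&CK techniques, while the phishing click stays a separate Medium incident. The checklist is deliberately advisory: device isolation and account disablement belong behind an approval step in the playbook rather than firing automatically on every correlation.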

Experience

  • 5+ years of hands-on experience in incident response, SOC operations, or threat detection roles within large and complex environments.
  • Demonstrated experience in incident response efforts in real-world scenarios, including root cause analysis, containment, and lessons learned processes.
  • Strong understanding of enterprise security architecture, endpoint and network detection tools, and alerting pipelines.
  • Solid experience with Microsoft security technologies, especially Microsoft Defender XDR and Sentinel.
  • Practical knowledge of SOC automation practices using tools such as Logic Apps, playbooks, or SOAR platforms.
  • Demonstrated ability to work collaboratively, make sound decisions under pressure, and coordinate across teams during high-impact security events.
  • Strong knowledge of incident handling frameworks, playbook development, and SOC maturity models.
  • Certifications in incident response, such as GCIH, GCFA, GCIA, or similar.
  • General blue team certifications such as SC-200 or AZ-500.
  • Experience in operationalizing threat intelligence and aligning detection strategies to frameworks such as MITRE ATT&CK.
  • Prior experience assessing and improving SOC performance against frameworks like NIST, MITRE D3FEND, or CMMI.

At AkzoNobel we are highly committed to ensuring an inclusive and respectful workplace where all employees can be their best self. We strive to embrace diversity in a context of tolerance. Our talent acquisition process plays an integral part in this journey, as it sets the foundations for a diverse environment. For this reason we train and educate our TA staff and hiring managers on the implications of unconscious bias, so that they are mindful of it and take corrective action when applicable. In our organization, all qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age or disability.

Requisition ID: 47658


Region: Asia/Pacific
Country: India
