SIBS ROMANIA

Security Analyst


Security Analyst (Threat Detection & Response)

We are SIBS Romania. We operate in the area of financial services for banking and retail and we are passionate about simplifying daily life by innovating financial technology.

We believe that teamwork is a key element in achieving success, and we are proud to work with talented, persevering people who are not afraid to express their most creative ideas. We make it a priority to ensure a workplace that drives, engages and retains them.


What makes SIBS a great place to work?

Here are a few highlights:

  • The team: you’ll work with team players who are smart and friendly and who really care about the work they do, and there are plenty of happy hours and team-building events to connect outside work;
  • The growth and innovation: as part of a growing team, you’ll have lots of opportunities for career development and be exposed to the latest technologies thanks to our focus on innovation in the exciting and fast-growing payments industry;
  • The benefits: you’ll have access to a generous benefits package, including access to the Bookster library, top-tier health insurance, and competitive salaries with performance rewards.


Key Responsibilities

  • Triage and investigate security alerts from the SIEM and EDR platform, determining whether activity is benign, a false positive, or a genuine threat requiring escalation.
  • Perform first-line investigation of endpoint, network, authentication, and application alerts, correlating data across multiple sources to establish what happened and what the impact is.
  • Monitor the security team’s queues, triaging user reports, alert notifications, and security queries to ensure each is actioned, escalated, or closed appropriately.
  • Investigate reported phishing emails, analyzing headers, links, attachments, and sender infrastructure to determine intent and impact, and coordinate containment and user follow-up where needed.
  • Monitor and investigate DLP alerts, distinguishing genuine policy violations and data exposure from false positives and escalating confirmed incidents.
  • Document investigations clearly and consistently, recording findings, evidence, and reasoning so that conclusions are reproducible and audit-ready.
  • Identify opportunities to improve detection coverage by proposing new detection rules, tuning noisy or low-value alerts, and recommending suppression where appropriate.
  • Assist with basic detection engineering tasks, including building and refining queries, adjusting rule logic, and validating that detections behave as intended.
  • Track investigations and escalations through the ticketing platform, ensuring findings are followed up and closed with proper documentation.
  • Support regulatory compliance activities by providing structured evidence related to monitoring, logging, and alert handling during audits and assessments.


Qualifications Required

  • 1-3 years of hands-on experience in a SOC, detection, or security analyst role.
  • Practical experience with SIEM and/or EDR alert triage at any level (for example Elastic, Splunk, Microsoft Sentinel, CrowdStrike, or similar).
  • Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, common ports and protocols) and the ability to reason about network-based alerts.
  • Working knowledge of Linux and Windows operating systems, since most alerts involve host-level activity such as processes, authentication, and system events.
  • Exposure to phishing analysis and email-based threats, including an understanding of how to read email headers and assess malicious indicators.
  • Ability to read and understand basic scripts (for example PowerShell, Bash, or Python) well enough to follow what they do during an investigation.
  • Strong analytical mindset, attention to detail, and the curiosity to dig into alerts rather than close them at face value, with the initiative to follow investigations through to a clear conclusion.


Preferred

  • Security or networking certifications (for example CompTIA Security+, CySA+, or CCNA).
  • Exposure to compliance-driven environments such as PCI DSS or DORA.
  • Experience writing or modifying detection queries or scripts for triage and reporting tasks.
  • Understanding of common attack techniques and frameworks such as MITRE ATT&CK.


Growth Opportunity

This role is a strong entry point into a broader security career, with the opportunity to grow into security engineering and architecture over time, taking on deeper detection development, automation, and proactive threat hunting as skills mature.

Posted: Jun 17, 2026
Type: Full-time
Level: Mid-Senior
Location: Bucharest
Industries: Financial Services
Categories: Analyst
