# SOC L2 Analyst

**Company:** [FP Markets](http://jobs.workable.com/companies/tVZf6MdFwScrmY5VrWaPfB.md)
**Location:** Limassol, Cyprus
**Workplace:** hybrid
**Department:** IT

[Apply for this job](http://jobs.workable.com/view/4acddc4c-1d7e-4152-a758-373551cdef5d)

## Description

**FP Markets Group of Companies** is a well-established multi-regulated broker, founded in Australia, offering traders access to CFD trading on Forex, Indices, Commodities, Stocks and Cryptocurrencies. We are growing and looking to recruit a full-time **SOC L2 Analyst** for our Cyprus office, a certified Great Place to Work®.

We're looking for a SOC L2 Analyst to take ownership of escalated alerts, lead investigations, and drive detection engineering across our security operations stack. You'll work hands-on with Wazuh, CrowdStrike, and osquery — digging into endpoints, correlating signals, and turning incidents into hardened detections.

**What You'll Work With:** Wazuh · CrowdStrike Falcon · osquery · MITRE ATT&CK · Sigma / YARA · Python · PowerShell

**Reporting to:** Head of Security and Infrastructure

**Responsibilities:**

-   Triage and investigate escalations from L1, including EDR, SIEM, and threat intel alerts
-   Lead incident investigations end-to-end — scoping, containment, eradication, recovery
-   Perform host and endpoint forensics: process trees, persistence, lateral movement, artifacts
-   Analyze suspicious binaries and scripts; identify malware behavior and IOCs
-   Tune and develop detections in Wazuh and CrowdStrike — rules, custom queries, response actions
-   Write and maintain osquery packs for fleet-wide investigation and continuous monitoring
-   Hunt proactively for threats using EDR telemetry, logs, and threat intelligence
-   Produce clear incident reports — technical findings, timeline, root cause, recommendations
-   Contribute to playbooks, runbooks, and post-incident reviews
-   Partner with IT, infrastructure, and engineering teams on remediation and hardening

**Candidate profile:**

-   3+ years in SOC, incident response, or threat hunting roles (L2 level)
-   Hands-on production experience with Wazuh — rules, decoders, agents, integrations
-   Hands-on CrowdStrike Falcon experience — investigations, RTR, custom IOAs
-   Strong osquery skills — writing queries, building packs, fleet-wide hunts
-   Solid understanding of malware behavior, common TTPs, and the MITRE ATT&CK framework
-   Investigation experience across Windows, Linux, and macOS endpoints
-   Log analysis and correlation across endpoint, network, identity, and cloud sources
-   Familiarity with reverse engineering concepts — static and dynamic analysis basics
-   Experience with fraud detection and incident response
-   Scripting in Python, PowerShell, or Bash

**Nice to Have:**

-   Digital forensics experience — disk, memory, timeline analysis (Volatility, Velociraptor, KAPE)
-   Deeper reverse engineering skills (IDA, Ghidra, x64dbg)
-   Detection engineering with Sigma, YARA
-   Cloud incident response (AWS, GCP, Azure)
-   Threat intelligence and IOC pivoting (MISP, OpenCTI, VirusTotal)
-   Certifications — GCIH, GCFA, GCFE, GREM, OSCP, CrowdStrike CCFA / CCFR
-   Experience in regulated environments (fintech, financial services)

**Our offer:**

-   A certified Great Place to Work®, reflecting our commitment to a positive culture, employee well-being, and support
-   Welcoming, young and multicultural team with approachable leadership
-   Ability to contribute to a dynamic business in a growth phase
-   High level of autonomy, support for your ideas, and the chance to turn your expertise into best practices for the company
-   Continuous personal development, training budget, growth with the company and opportunity to learn from industry leaders
-   Competitive remuneration, regular salary reviews and performance-based incentive schemes
-   Vibrant company life: from team activities to global celebrations
-   New beautiful office in an easily accessible location with company-provided fruits, breakfasts and lunches
-   Free access to multiple sports and wellness facilities across the country
-   Free company-provided parking
-   Medical insurance and pension fund after probation period
-   A gift and a day off on your Birthday
-   Visa and work permit support if required

**Journey to FP Markets:**

-   Interview with People Function member (30 - 45 min) to assess match to our culture
-   Interview with your future manager (45 min - 1 hour) to assess match to the job and the team and discuss role expectations

Join our team and be a part of a professional, rapidly-growing company operating in a multicultural environment!
