Share this Job




We drive the transformation of the financial markets. That’s why we invest in bright minds, in their ideas, knowledge and development. We do that by combining our best sides.


If you would like to find out why stability makes us so agile, why experience makes us so curious and why empathy makes us so impactful, apply now for the position of



 Cybersecurity Analyst

Madrid | 100 % | Reference 3527


BME is the infrastructure of all the securities markets and financial systems in Spain and is owned by SIX.


As a member of our Security Operations Center (SOC), you will apply your technical know-how to drive our detection and investigation capabilities. You will work hand in hand with technology partners to engineer and operate our security stack, increase the level of automation, and evaluate improvements.



What You Will Do

  • Management of the ecosystem of log management technologies (Splunk UF, Farebeats WEF, etc.) including data lakes and SIEM solutions (Splunk, ELK)
  • Monitor, triage and analyze log data, network traffic and alerts generated by a variety of security technologies in real-time, escalate and write up security incidents report detailing its characteristics and containment activities to the line management.
  • Research new threats/vulnerabilities and ensure appropriate detections capabilities are in place to identify and response to them
  • Deployment and tuning of new rules and SIEM content (creation and updating of the SOC documents set (e.g., use cases playbooks, etc.)
  • Hunting will be part of your duties to improve detection, converting your hunts results into use cases
  • Support the log onboarding process

What You Bring

  • A minimum of 3+ years of experience working in cybersecurity as an analyst or incident responder, preferably in a SOC or CSIRT
  • Excellent understanding of malware families, attack vectors, vulnerabilities, OWASP, MITRE ATT&CK tactics and techniques, threat and outbreak containment, incident response, etc. 
  • Experience with EDR solutions (Cisco AMP, Microsoft Defender ATP, Tanium) and  with scripting tools and programming languages such as PowerShell. Python is a plus
  • Familiarity with monitoring cloud-based environments (in particular O365 and Microsoft Azure). Knowledge in Linux practical forensic analysis is a plus
  • Certifications (SANS, ISACA, ISC2, etc.) is a plus
  • Good level of English
  • Willingness to participate in 24x7 on-call rotation

If you have any questions, please call German Lopez Arranz at +34 91 709 5771.


For this vacancy we only accept direct applications.


Diversity is important to us. Therefore, we are looking to receiving applications regardless of any personal background. 

What We Offer

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success. 

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods 
Whether through scrum or design thinking,
we solve exciting tasks together in teams.