SIX drives the transformation of financial markets.

 

What sets us apart drives us ahead: between local roots and global relevance, we are a unique blend of tradition and future, of foundation and growth. We value bright minds and inspire them to grow with their ideas. Come and shape the future of finance with us.

 

 

 Incident Responder

Madrid | Working from home up to 40% | Reference 8166

 

 

The Security Operations Center (SOC) is a critical Line of Defense 1 function at SIX, responsible for detecting, investigating, and responding to cyber threats across endpoint, identity, network, cloud, and email environments. We are looking for a hands-on security professional with experience in incident response, threat hunting, and security monitoring. In this role, you will investigate complex alerts, develop and tune detection use cases, support containment and remediation efforts, improve automation and playbooks, and proactively identify threats to strengthen SIX's overall security posture.

 

What You Will Do

  • Develop, tune, and maintain threat detections and SIEM use cases across endpoint, network, identity, cloud, mail, and M365 environments.
  • Investigate complex security incidents, lead threat analysis, and coordinate containment and remediation activities.
  • Design and improve detection content, SOC automation, SOAR workflows, and incident response playbooks.
  • Conduct proactive threat hunting using threat intelligence and the MITRE ATT&CK framework.
  • Identify detection gaps and continuously enhance SOC capabilities and security posture.
  • Mentor junior analysts and contribute to SOC process improvements and knowledge sharing.

What You Bring

  • 5+ years of experience in SOC operations, detection engineering, threat hunting, and incident response.
  • Hands-on experience with SIEM, EDR, and SOAR platforms (preferably Sentinel, Elastic, Defender for Endpoint, and Cortex XSOAR).
  • Strong background in detection rule development, security investigations, and threat hunting across multiple telemetry sources.
  • Experience with scripting, automation, APIs, and tools such as Python, GitLab, Azure DevOps, and CI/CD practices.
  • Knowledge of security query languages and frameworks, including MITRE ATT&CK.
  • Strong analytical, communication, collaboration, and mentoring skills.

If you have any questions, check out our FAQ page or call German Lopez Arranz at +34 91 709 5771.

 

For this vacancy we only accept direct applications.

 

Diversity is important to us. Therefore, we are looking to receiving applications regardless of any personal background. 

What We Offer

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success. 

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods 
Whether through scrum or design thinking,
we solve exciting tasks together in teams.