Rolex SOC & CSIRT Engineer

Rolex is a world‑leading Swiss watchmaker recognised for technical excellence, precision engineering and uncompromising quality. As an employer it offers a discreet, high‑performance environment anchored in craftsmanship and long‑term stability, with an emphasis on professional rigor and cross‑disciplinary collaboration.

1. Manage, maintain and optimise SOC technologies and platforms to ensure high availability and detection fidelity.
2. Plan, implement and configure new security solutions to enhance detection and response capabilities.
3. Continuously monitor SOC tooling to identify opportunities for technical and operational improvement.
4. Provide advanced technical support for forensic analysis, threat hunting and insider‑threat detection.
5. Lead investigations for critical or complex security incidents, coordinate remediation and oversee containment measures.
6. Develop, review and update incident response plans and procedures; drive post‑incident lessons learned and continuous improvement.
7. Design and refine detection use cases (SIEM rules, SOAR playbooks, EDR workflows) in collaboration with SOC analysts.
8. Deploy and run programmes such as self‑assessments, CTI, deception and red‑team/blue‑team exercises to strengthen security posture.
9. Train and coach SOC team members on tool usage, investigative techniques and incident response best practices.
10. Work closely with Security Architecture & Engineering to ensure seamless integration of new security products and alignment with organisational standards.

1. Higher education degree in computer science, information systems security or a closely related discipline.
2. Minimum five years of practical experience in a SOC or incident response function, including project management and technology deployment.
3. Proven experience deploying and operating SIEM, SOAR, EDR and network detection systems (IDS/IPS).
4. Demonstrable expertise in cloud security platforms and tooling (O365, Defender, Sentinel, Google SCC).
5. Advanced skills in forensic analysis, proactive threat hunting, CTI and deception techniques.
6. Familiarity with recognised security frameworks and standards (ISO 27001, NIST, MITRE ATT&CK).
7. Ability to lead and resolve critical incidents autonomously, rapidly diagnose breaches and define containment/remediation actions.
8. Strong communication, stakeholder management and team coaching capabilities; resilient under pressure and highly autonomous.

1. SIEM
2. SOAR
3. EDR
4. IDS/IPS
5. O365
6. Defender
7. Sentinel
8. Google SCC
9. forensic analysis
10. threat hunting
11. CTI
12. deception
13. ISO 27001
14. NIST
15. MITRE ATT&CK
16. SIEM rules
17. SOAR automation

Minimum five years of hands‑on experience in SOC operations and incident response, including deployment and lifecycle management of SIEM, SOAR, EDR and network detection technologies.

Higher education degree in computer science, information systems security, cybersecurity or a related field.

Flexible working arrangements; comprehensive social benefits.

The workplace culture privileges craftsmanship, precision and discretion, combining high technical standards with long‑term career stability. Teams are collaborative and multidisciplinary, with an expectation of professionalism, continuous improvement and respect for confidentiality.