Cyber Security

Full time Partly remote Closing date: 10.04.2026.

Security Operations Center Analyst (Tier 2) (f/m/d) @ A1 Competence Delivery Center

Strength. Care. Growth

A1 Competence Delivery Center is a vital component of A1’s telecommunications business. Acting as an expertise hub, CDC is dedicated to delivering a full range of high-quality IT, network, financial and other services to support A1’s operations across all OpCos, independent of location.

Using the power of being OneGroup and leveraging synergies, CDC enables transparency of resources, expansion of key skills and knowledge, and enhanced personal career growth opportunities, paired with job stability.

You will know we are the right place for you, if you are driven by:

  • Opportunities to learn and build your career.
  • Meaningful work in a stable and fast-paced company.
  • Diversity of people, projects, and platforms.
  • A supportive, fun, and inspiring place to work.

Role Overview:

As a SOC L2 Analyst, you will play a key role in protecting A1 Group by leading advanced security investigations, conducting deep technical analysis, and proactively searching for threats across our environment.

This role focuses on deep‑dive incident investigation, threat intelligence enrichment, threat hunting, and digital forensics. The position is regular 8‑hour workdays (Monday–Friday) with participation in the on‑call rotation.

Role insights:

  • Leading and owning in‑depth investigations of complex and escalated security incidents.
  • Performing advanced analysis of endpoint, identity, network, and cloud telemetry to uncover attacker behavior.
  • Correlating data across SIEM, EDR, and threat intelligence sources to identify patterns, attack paths, and root causes.
  • Supporting evidence acquisition, forensic triage, and artifact analysis on compromised systems.
  • Collaborating with L1 analysts and providing technical guidance, coaching, and mentorship.
  • Developing and refining playbooks, detection use cases, and SOC workflows to improve detection and response capabilities.
  • Leading and contributing to proactive threat‑hunting missions and hypothesis‑driven security assessments.
  • Working closely with internal stakeholders to drive incident response and strengthen defensive posture.

What makes you unique:

  • At least 3 years of hands‑on experience in SOC, CSIRT, DFIR, threat hunting, or cyber operations.
  • Strong experience with SIEM platforms (Splunk, Microsoft Sentinel) and EDR/XDR tools (Microsoft Defender for Endpoint/Server/Identity).
  • Solid understanding of frameworks such as MITRE ATT&CK, NIST, or CIS Controls.
  • Ability to take full ownership of investigations and independently drive them to successful closure.
  • Experience performing threat hunting, forensic triage, and attacker technique analysis.
  • Experience with scripting or automation (PowerShell, Python) is a plus.
  • Relevant certifications such as SC‑200, CompTIA CySA+, Splunk Certified Power User, BTL1/BTL2, or similar.
  • German language skills are a bonus.

Our gratitude for the job done will be eternal, but we’ll also offer you:

  • Innovative technologies and platforms to work with.
  • Modern working environment for your comfort.
  • Friendly, ambitious, and motivated teammates to support each other.
  • Thousands of online and in-person learning opportunities for you to grow.
  • Challenging assignments and career development opportunities in a multinational environment.
  • Attractive compensation package.
  • Hybrid working model.
  • Numerous additional benefits, including, but not limited to, free A1 services.

If you have any questions, please do not hesitate to contact Nadya Georgieva.