Do you want to protect the Nordic maritime industry from cyber threats?

The Security Operations Center (SOC) at NORMA Cyber is responsible for monitoring, detecting, and responding to cyber incidents on our members’ vessels’ IT and OT infrastructure as well as traditional IT infrastructure. The SOC team is the first line of defence to detect attacks on our members’ infrastructure. The department is also responsible for responding to and mitigating ongoing attacks in dialogue with the affected member. The SOC cooperates closely with the Intelligence department to develop and maintain relevant detection capabilities, as well as conducting proactive threat hunting. In the event of a cyber incident, the SOC team can provide incident response and crisis management services to SOC members as well as other NORMA members.

Senior Cyber Security Analyst

As a Senior Cyber Security Analyst, you will have a key role in strengthening our SOC capabilities. You will lead and support complex investigations, guide other analysts, contribute to developing detection logic, and work closely with members during advanced cyber incidents. In addition to operational responsibilities, you will actively contribute to developing internal tooling and automation to improve detection quality and overall SOC effectiveness. You will also be involved in shaping our SOC processes and monitoring architecture.

Responsibilities

• Serve as the primary technical point of contact for designated SOC members, including status meetings and reporting

• Lead analysis, investigation and response during cyber incidents

• Mentor and support other SOC analysts

• Develop detection rules, playbooks and best practices

• Perform deep-dive log, network and malware analysis

• Act as a technical advisor to members during incident response

• Design and develop internal tooling to automate and improve SOC processes

• Contribute to continuous improvement of SOC workflows, tooling and automation

Desired qualifications

• Bachelor's or Master's in computer science/engineering, information security, cyber security or other relevant field, OR demonstrated competence through work experience, certifications and courses

• Good oral and written communication skills in Norwegian and English

• Several years of experience from SOC, CERT/CSIRT, DFIR or similar operational security work

• Strong skills in log analysis, network traffic analysis and EDR/SIEM tooling

• Experience with threat hunting and hypothesis-driven investigations

• Understanding of ATT&CK, Diamond Model, Cyber Kill Chain and related frameworks

• Experience with software development in object-oriented programming languages such as C#/.NET (or equivalent)

• Experience with scripting or automation (Python, PowerShell or similar)

• Ability to handle high-pressure incident scenarios with structure and clarity

• Applicants must qualify for a security clearance up to minimum HEMMELIG

Knowledge/Experience with any of the following is desirable:

• Familiarity with Operational Technology (OT) or maritime IT infrastructure

• Cloud technologies

• Malware analysis, static and/or dynamic

Personal characteristics

• Strong analytical and problem-solving skills

• Social, self-driven and collaborative

• High degree of integrity

• Creative yet systematic approach to tasks

We offer

• Competitive compensation

• Excellent insurance and pension schemes

• Opportunities for growth in a dynamic and evolving industry

• A supportive and inclusive work environment

• Opportunities for professional development, including relevant courses and certifications

• Flexibility, including partial remote work