Do you want to protect the Nordic maritime industry from cyber threats?

The Security Operations Center (SOC) at NORMA Cyber is responsible for monitoring, detecting, and responding to cyber incidents on our members’ vessels’ IT and OT infrastructure as well as traditional IT infrastructure. The SOC team is the first line of defence to detect attacks on our members’ infrastructure. The department is also responsible for responding to and mitigating ongoing attacks in dialogue with the affected member. The SOC cooperates closely with the Intelligence department to develop and maintain relevant detection capabilities, as well as conducting proactive threat hunting. In the event of a cyber incident, the SOC team can provide incident response and crisis management services to SOC members as well as other NORMA members.

Cyber Security Analyst

As a Cyber Security Analyst, you will monitor, analyse and respond to cyber security events across our members’ environments. You will collaborate closely with senior analysts during escalations, participate in incident response, advise members on mitigation, and set up effective logging and monitoring for visibility across IT and OT systems. In addition to operational responsibilities, you will actively contribute to developing internal tooling and automation to improve detection quality and overall SOC effectiveness.

Responsibilities

• Serve as the primary technical point of contact for designated SOC members, including status meetings and reporting

• Monitor, analyse and triage security alerts across IT and OT environments

• Participate in incident response activities, including containment and mitigation tasks

• Contribute to the development and improvement of detection rules and SOC playbooks

• Act as a technical advisor to members during incident response

• Assist in developing and maintaining internal tooling to automate and improve SOC processes

Desired qualifications

• Bachelor's or Master's in computer science/engineering, information security, cyber security or other relevant field, OR demonstrated competence through work experience, certifications and courses

• Good oral and written communication skills in Norwegian and English

• Experience with log analysis, network traffic analysis and/or EDR/SIEM tooling

• Familiarity of ATT&CK, Diamond Model, Cyber Kill Chain and related frameworks

• Experience with scripting or automation (Python, PowerShell or similar)

• Applicants must qualify for a security clearance up to minimum HEMMELIG

Knowledge/Experience with any of the following is desirable:

• Familiarity with Operational Technology (OT) or maritime IT infrastructure

• Cloud technologies

• Malware analysis, static and/or dynamic

• Experience with software development in object-oriented programming languages such as C#/.NET (or equivalent)

Personal characteristics

• Strong analytical and problem-solving skills

• Social, self-driven and collaborative

• High degree of integrity

• Creative yet systematic approach to tasks

We offer

• Competitive compensation

• Excellent insurance and pension schemes

• Opportunities for growth in a dynamic and evolving industry

• A supportive and inclusive work environment

• Opportunities for professional development, including relevant courses and certifications

• Flexibility, including partial remote work