Skip to content
mobile-alt icon

Cyber Incident Call

envelope-open icon

00800 1744 0000

map icon



Utrecht, Netherlands



Educational Level:




Security engineer Monitoring

You are responsible for creating the smart detection rules we use in the SOC to make sure we catch bad guys that try to attack our customers.

What You Do

As a detection quality engineer you research attack scenarios and help determine what sort of attacks we need to monitor to keep our customers safe. You know your way in IT-infrastructure and cybersecurity runs in your veins. At Northwave our services are always growing and you have the opportunity to be part of the growth and help protect vital infrastructure in the Netherlands and across Europe. You develop and continously monitoring detection rules, as well as develop new smart ways of improving SOC monitoring in a broader sense. You work together with the other SOC teams on continuous improvement projects and are part of the growth of the SOC capabilities.

The Team

Within our Security Operations Center (SOC) automation plays a major role. Our rapid growth requires continuous work on scalability, efficiency and quality. The in-house developed software ranges from reporting tools and external API links to 24/7 business-critical alarm routing and enrichment. It is necessary to continuously attune the SOC services to the increasing number of client’s and their requirements. You will be part of the SOC Engineering team that works together with the SOC OPS team to deliver our monitoring service.  

You Enjoy

  • A challenging environment to work in
  • Working in a team where fun and collaboration go hand in hand
  • Continuously improving work processes
  • Creating smart tools or add-ons
  • Automating and improving the daily tasks in the SOC

What We expect from you

  • Higly skilled in KQL
  • Preferable 2 to 3 years of working experience
  • Knowledge of the kill chain and working of attacks / the attack landscape
  • Understanding of the Microsoft Defender suite
  • Analytical Skills - researching attack scenarios using real and simulated data to translate patterns into detection logic
  • Social Skills - you can expect a lot of input and questions from various teams that reside in- and outside the SOC. As a DQ engineer your social skills are important as we expect proactive engagement with a wide variety of stakeholders
  • Propper understanding of Suricata (rules) and Zeek (scripts)
  • Proficiency in programming/scripting (preferably Python)
  • Decent understanding of the Windows and Linux OS internals
  • Experience analyzing attack behavior

What you can expect from us

  • Macbook, iPhone and Lease Car
  • Salary between €3000 - €5000 per month, based experience (40 hours a week)
  • 25 vacation days
  • Good retirement arrangement
  • Company wide courses and individual training opportunities to further develop yourself
  • 250 passionated colleagues to work with and learn from
  • Fun company events and parties, check our working at page here for an overview


What is important for you in a next step?  We would like to hear from you! For more information apply directly or contact Bastiaan.