IT Security – SOC L1/L2 Analyst

Join our Cyber Defence Centre in Prague, working for B2B customers in the Czech Republic as well as abroad.

Our SOC team is responsible for detecting and responding to cybersecurity incidents in various infrastructures and for building international relationships with other SOC and CERT teams across the Deutsche Telekom group.

What we expect

SOC L1/L2 specialists in IT security monitoring and analysis. Expertise in evaluating suspicious IT security events and attacks. Experience with SIEM operations and deployment is an advantage.

We look for

A person with a university degree in an IT field or at least two years' experience in IT security or IT operations.

  • Basic knowledge of operating systems, databases and computer networks
  • Ability to code or script simple tasks (does not matter in what programming language)
  • Communication in Czech, English and German is a must (day-to-day support of German customers)
  • Experience with OTRS, XSOAR/Demisto or other SOAR tools appreciated
  • Experience with incident management and handling appreciated
  • Experience with ArcSight, QRadar or Splunk SIEM tools appreciated

What would be your agenda

  • Continuous processing of alarms from the SOAR queue, prioritized by the severity of each alarm
  • Initial analysis (triage of the alarms)
      • Identification of obvious false positives
      • If necessary, assignment to already existing alarms
  • Processing of the alarms according to the customized playbooks
  • Result of alarm processing:
      • Identification as a false positive or
      • Opening a security incident and assigning it to the customer’s ticketing system or
      • Forwarding as alarm to SOC L2 layer for further analysis and if necessary
      • Feedback to SIEM Content Engineering for continuous improvement of the detection scenario
  • Possible consequent deeper analysis in cases which are not described by playbooks
  • Deliver reports and KPIs
  • Respond to audit and regulator requests for information
  • Creation of playbooks for SOC L1 layer
  • Improvement of SOC processes by their automation and simplification

Hands-on experience with the following technology set is appreciated:

  • Ticketing tools (preferably OTRS Storm, Palo Alto Demisto/XSOAR)
  • Micro Focus ArcSight ESM and Logger, QRadar, Splunk
  • Threat Intelligence / MISP
  • 3PAM CyberArk
  • SentinelOne Endpoint Security
  • Guardium DBAM
  • Linux & Windows


Please send us your profile to

Place of work

Tomíčkova 2144/1, 148 00  Praha-Chodov, Czech Republic


IS/IT: Consulting, analysis and project management, IS/IT: Systems and HW administration, IS/IT: Application and systems development

Employment type

Full-time work


T-Mobile Czech Republic a.s.
Martina Lancmanová