SOC Analyst

Certora

Certora

IT

Multiple locations

Posted on Apr 22, 2026
Apply now
Security · Multiple locations · Fully Remote

SOC Analyst

About Certora

Certora is the security assurance partner trusted by the most advanced teams in Web3. Founded in 2018 by pioneers in programming languages and formal methods, Certora helps leading protocols like Lido, Aave, Uniswap, and Compound secure billions in value with confidence.

But we’re not just another auditor. We’re a full-stack security assurance platform, combining best-in-class formal verification tools with expert advisory services, delivered on time and with zero compromise. Whether you’re launching a new protocol, upgrading core infrastructure, or securing a DeFi primitive, Certora doesn’t just look for vulnerabilities. We help you prove correctness, accelerate your development speed, and embed safety into your design from day one.

With Certora, you get:

- Proven, scalable tooling for checking real deployed code

- A deep partnership model with on-demand support

- Fast, responsive execution that helps you go-to-market faster

For us, security isn’t a checklist, it’s a continuous process. Certora is the most comprehensive and trusted platform to ensure your platform is protected, even under adversarial conditions. From testnet to mainnet, we’re with you.


About the Role

Certora is looking for an experienced SOC Analyst to join our Security Operations team.

This role is centered around three core areas: SOC operations, incident response, and Web3 investigations. It is designed for a security professional who can take ownership of security events from initial triage through full investigation and response, while working effectively across internal teams and customer-facing situations.

This role goes beyond alert monitoring and triage. It requires strong investigative capabilities, including event research, enrichment, root-cause analysis, and building a clear operational understanding of incidents across multiple environments. We are looking for someone with strong Web2 security fundamentals and deep understanding of Web3 security investigations, attack patterns, and response workflows.

This is a non-shift position. However, availability outside business hours is required in the event of critical incidents.


Key Responsibilities

  • Perform day-to-day SOC operations, including alert handling, triage, escalation, and response coordination

  • Lead end-to-end security incident investigations and response activities

  • Handle containment, eradication, recovery, and post-incident follow-up

  • Investigate and analyze security events across SIEM, EDR, cloud, and Web3-related data sources

  • Conduct deep event research and enrichment to establish context, assess impact, and support decision-making during incidents

  • Perform root-cause analysis and build a clear operational understanding of incidents across multiple systems and environments

  • Produce clear investigation reports, technical findings, and executive-level summaries

  • Work directly with customers during active security events in a professional and structured manner

  • Develop and maintain playbooks, runbooks, and operational procedures

  • Build and maintain automations using SOAR platforms, scripting, and API-based workflows

  • Develop, tune, and optimize detection rules and correlation logic

  • Improve SOC operational effectiveness and KPIs such as MTTD, MTTR, automation coverage, and detection quality

  • Contribute to cross-functional security initiatives and continuous improvement of team processes

  • Fluent English, with the ability to communicate clearly and professionally in both written and verbal form


Mandatory Requirements

  • 3+ years of experience as a SOC Analyst, Incident Responder, or in a similar security operations role

  • Proven experience handling security incidents end-to-end

  • Strong hands-on experience in SOC operations, incident response, and security investigations

  • Strong knowledge of Web2 security fundamentals and deep understanding of Web3 security

  • Proven experience investigating Web3 attacks, including areas such as smart contracts, wallet abuse, transaction analysis, and on-chain activity investigation

  • Experience working directly with customers during security incidents or security operations engagements

  • Advanced hands-on experience with Splunk, including:

    • Writing and tuning detection rules

    • Parsing and data onboarding

    • Understanding Splunk architecture

    • Detection optimization and correlation logic

  • Experience working with EDR solutions such as SentinelOne, CrowdStrike, Microsoft Defender, or similar

  • Strong threat hunting and complex query-writing capabilities

  • Experience building automations and writing scripts using Python, Bash, and APIs

  • Ability to work independently, take ownership, and drive tasks through to completion

  • Strong written and verbal communication skills in English

  • Ability to work effectively in a remote environment while maintaining clear, proactive, and structured communication with the team lead and the rest of the team

Nice to Have

  • Experience with Detection-as-Code methodologies

  • Experience with SOAR platforms

  • Cloud security experience in AWS / Azure / GCP

  • Experience working in a startup or high-growth environment

  • Strong incident response methodology knowledge, including root-cause analysis and lessons-learned processes

Who You Are

  • Independent, accountable, and comfortable taking ownership end-to-end

  • Proactive, hands-on, and solution-oriented

  • A strong communicator and team player, with the ability to work remotely while maintaining clear and structured reporting

  • Fast learner, able to quickly ramp up on new technologies, domains, and attack patterns

  • Analytical and methodical, with strong investigative and root-cause analysis skills

  • Able to communicate technical findings clearly to both technical and non-technical stakeholders

  • Process-oriented, with a continuous improvement mindset

  • Automation-driven and focused on operational efficiency


Certora People

We are Customer Centric, when we commit, the customer knows we will deliver in a quality and timely manner.

We Move Fast - we’re looking for people with a bias for action and a sense of urgency to achieve quick results while we also Break Nothing – we have high-quality standards, we are looking for people who are professional and hold themselves accountable.

We win as a Team – our teams are distributed around the world. We understand our individual roles and commit to the team's goals.

We have a positive “can do” attitude. We support each other and are encouraged to ask for help and advice. We enable people to grow by clarifying expectations and giving candid feedback and on-the-job development opportunities. We welcome collaboration both internally and externally for outstanding delivery.

We are Pioneers in DeFi security. We are one of the best companies to help developers and security researchers secure Web3, but we try to stay humble and are always eager to learn more.

Why join Certora?

Certora provides you a wonderful opportunity to:

  • Work on cutting-edge technology and challenging problems at the forefront of Web3 applications and technologies

  • Contribute to securing the web3 ecosystem with the leading provider of end-to-end security for blockchain-based applications

  • Experience a friendly creative start-up environment with top talent in the domain

  • Work in a fast-paced and supportive culture: we move fast and break nothing!

  • Enjoy flexible work (remote / hybrid)

  • Get competitive compensation & benefits (including equity)

Department
Security
Locations
Argentina, Brazil, Bulgaria, Czech Republic, India, Vietnam
Remote status
Fully Remote
Employment type
Full-time
Security · Multiple locations · Fully Remote

SOC Analyst

Apply now
See more open positions at Certora