SOC Analyst
Mexico City, Mexico

ZEISS is technology and innovation. Founded in Germany in 1846, we’re an internationally leading technology enterprise operating in the optics and optoelectronics industries, generating more than 10.8 billion Euros in revenue with around 46,000 employees across 50 countries around the globe. As a company wholly owned by a foundation, ZEISS is rooted in and committed to responsibility in all its activities. Therefore, 15% of revenue is currently invested in science and R&D. As the pioneer of scientific optics, we continue to challenge the limits of human imagination. With our passion for excellence we create value for our customers and inspire the world to see in new ways.

We’re looking for a SOC Analyst to join us in Mexico City, Mexico.

Your Role

The role of a SOC Analyst will involve:

As L3 SOC Internal Analyst, you lead the day‑to‑day operations of our Cyber Defense Center (CDC) and set the direction for effective monitoring, investigation, and incident response across all SOC tiers. You act as the primary interface to our Managed Security Service Provider (MSSP) and as the senior escalation point for our most complex and high‑impact investigations. Beyond the operational lead role, you shape and steer our threat hunting activities, ensuring they are risk‑driven, measurable, and firmly anchored in CDC governance. In close collaboration with engineering, CIRT, threat intelligence, and other capability functions, you drive the continuous evolution of our detection and response capabilities and help strengthen the organization's overall security posture.

- Act as the single point of contact for the MSSP conducting 24/7 SOC monitoring and manage vendor performance, outputs, and service assurance.
- Serve as the L3 escalation point for complex alerts, incidents, and investigations, providing senior technical expertise and decision‑making.
- Coordinate and lead response to incidents across SOC tiers and ensure effective handover to the CIRT for high and critical cases.
- Own the SIEM/SOAR detection lifecycle, including log source onboarding, continuous fine‑tuning of detection rules, and review/validation of use cases.
- Define threat hunting objectives, aligning them with the CDC’s strategic goals, and coordinate MSSP-led threat hunting activities.
- Develop and produce monthly KPI dashboards and reporting to demonstrate SOC performance and drive improvements.
- Work with the engineering team to increase log coverage, telemetry quality, and overall visibility across the monitored environment.
- Serve as Duty Operational Manager on a rotational on‑call basis (24/7/365), providing senior operational oversight and incident support out of hours.

Your Experience

As a SOC Analyst you will have:

- Degree in Computer Science, IT Security, or a related field, or equivalent work experience.
- Several years of experience in a Security Operations Center, incident response, or threat detection role, including senior/L3 responsibilities and team or vendor coordination.
- Excellent communication and stakeholder management skills, with the ability to translate technical findings for both technical and executive audiences.
- Experience in incident response, threat detection, or security monitoring, with expertise in detection and response workflows.
- Strong ability to work under pressure, prioritize critical incidents, make rapid decisions, and support on‑call escalation.
- Hands‑on experience with SIEM, SOAR, and EDR technologies, as well as a solid understanding of detection technologies such as IDS/IPS, DLP, and WAF.
- Understanding of security threats and attack frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
- Ability and drive to review, manage, and continuously improve vendor performance, contracting, and metrics with clear accountability and follow‑through.
- Experience leading threat hunting activities, including defining hypotheses, objectives, and measurable outcomes.
- Familiarity with EU cybersecurity regulations relevant to SOC operations (e.g., NIS2 Directive) is a plus.
- Professional certifications such as CISM, GCIA, GCIH, or CISSP are a plus.
- Fluency in English; German is a plus.
Security Operations Center Analyst
ZEISS GROUP
Distrito Federal, Distrito Federal
Posted 7 days ago