Job Description
**Key Responsibilities**

**Security Monitoring & Alert Triage**
- Monitor and triage security alerts and platform health notifications from SIEM (Microsoft Sentinel), NIDS, NMS, and OT-specific security platforms (Nozomi Vantage, Claroty SRA).
- Perform initial classification of alerts based on severity, asset criticality, and business impact, ensuring
timely action in line with customer SLAs.
- Continuously monitor threat detection (MDR) and platform health (CCM) queues across assigned customer
accounts during shift.
**Investigation & Incident Handling**
- Conduct initial investigation and basic correlation of security events following documented SOPs, playbooks, and runbooks.
- Enrich alerts with contextual data — asset information, past incident history, known threat indicators —
and update ticketing systems (ServiceNow, iTop) with structured case notes.
- Identify and escalate complex security incidents, advanced threats, or platform issues to MDR L2 or CCM L2
teams with full context and documented handoff.
- Coordinate with L2 analysts and Security SMEs during critical incidents to support mitigation and closure of
high-severity events.
- Update and follow incident response playbooks aligned to the OT/ICS threat landscape, including adversary
behaviour in industrial environments.
**Reporting & Documentation**
- Maintain thorough documentation of all actions taken, follow-ups, escalation history, and case closure
notes within the ticketing system.
- Prepare KPI dashboards, shift handover reports, and contribute to Monthly Service Reports (MSRs) for
assigned customer accounts.
- Support SIEM administration activities including ad hoc reporting and basic troubleshooting.
**Shift Operations & Team Collaboration**
- Adhere to shift operational standards including ticketing hygiene, SLA adherence, and shift handover
protocols.
- Liaise with internal stakeholders and customer contacts regarding security issues, service updates, and
future recommendations.
- Coordinate with Security SMEs to support the development and tuning of detection rules targeting
adversary activity in ICS/OT domains.
- Support security awareness activities and contribute to internal knowledge-sharing and knowledge base
updates.
- Participate in SOC shift roster management to ensure continuous 24×7 coverage.
Qualifications
- 1–3 years of experience in a Security Operations Centre (SOC) or MSSP environment with 24×7 shift
exposure.
- Demonstrated ability to monitor, triage, and investigate security events in a production SOC environment.
- Hands-on experience with SIEM platforms: Microsoft Sentinel is essential; Splunk is advantageous.
- Experience working with ticketing platforms such as ServiceNow or JIRA for case handling, alert triage, and
escalation workflows.
**Looking to make an IMPACT with your career?**
When you are thinking about joining a new team, culture matters. At Schneider Electric, our values and behaviors are the foundation for creating a great culture to support business success. We believe that our IMPACT values – Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork – start with us.
IMPACT is also your invitation to join Schneider Electric where you can contribute to turning sustainability ambition into actions, no matter what role you play. It is a call to connect your career with the ambition of achieving a more resilient, efficient, and sustainable world.
We are looking for IMPACT Makers; exceptional people who turn sustainability ambitions into actions at the intersection of automation, electrification, and digitization. We celebrate IMPACT Makers and believe everyone has the potential to be one.
Become an IMPACT Maker with Schneider Electric – apply today!
€40 billion global revenue
+9% organic growth
150 000+ employees in 100+ countries
You must submit an online application to be considered for any position with us. This position will be posted until filled. *Schneider Electric aspires to be the most inclusive and caring company in the world, by providing equitable opportunities to everyone, everywhere, and ensuring all employees feel uniquely valued and safe to contribute their best. We mirror the diversity of the communities in which we operate, and ‘inclusion’ is one of our core values. We believe our differences make us stronger as a company and as individuals and we are committed to championing inclusivity in everything we do.*
*At Schneider Electric, we uphold the highest standards of ethics and compliance, and we believe that trust is a foundational value. Our Trust Charter is our Code of Conduct and demonstrates our commitment to ethics, safety, sustainability, quality and cybersecurity, underpinning every aspect of our business and our willingness to behave and respond respectfully and in good faith to all our stakeholders. You can find out more about our Trust Charter here.*

*Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.*