Do you want to protect the Nordic maritime industry from cyber threats?

The Security Operations Center (SOC) at NORMA Cyber is responsible for monitoring, detecting, and responding to cyber incidents on our members’ vessels’ IT and OT infrastructure as well as traditional IT infrastructure. The SOC team is the first line of defence to detect attacks on our members’ infrastructure. The department is also responsible for responding to and mitigating ongoing attacks in dialogue with the affected member. The SOC cooperates closely with the Intelligence department to develop and maintain relevant detection capabilities, as well as conducting proactive threat hunting. In the event of a cyber incident, the SOC team can provide incident response and crisis management services to SOC members as well as other NORMA members.

Senior Cyber Security Analyst

As a Senior Cyber Security Analyst, you will have a key role in strengthening our SOC capabilities. You will lead and support complex investigations, guide other analysts, contribute to developing detection logic, and work closely with members during advanced cyber incidents. In addition to operational responsibilities, you will actively contribute to developing internal tooling and automation to improve detection quality and overall SOC effectiveness. You will also be involved in shaping our SOC processes and monitoring architecture.

Responsibilities

• Serve as the primary technical point of contact for designated SOC members, including status meetings and reporting

• Lead analysis, investigation and response during cyber incidents

• Mentor and support other SOC analysts

• Develop detection rules, playbooks and best practices

• Perform deep-dive log, network and malware analysis

• Act as a technical advisor to members during incident response

• Design and develop internal tooling to automate and improve SOC processes

• Contribute to continuous improvement of SOC workflows, tooling and automation

Desired qualifications

• Bachelor's or Master's in computer science/engineering, information security, cyber security or other relevant field, OR demonstrated competence through work experience, certifications and courses

• Good oral and written communication skills in Norwegian and English

• Several years of experience from SOC, CERT/CSIRT, DFIR or similar operational security work

• Strong skills in log analysis, network traffic analysis and EDR/SIEM tooling

• Experience with threat hunting and hypothesis-driven investigations

• Understanding of ATT&CK, Diamond Model, Cyber Kill Chain and related frameworks

• Experience with software development in object-oriented programming languages such as C#/.NET (or equivalent)

• Experience with scripting or automation (Python, PowerShell or similar)

• Ability to handle high-pressure incident scenarios with structure and clarity

• Applicants must qualify for a security clearance up to minimum HEMMELIG

Knowledge/Experience with any of the following is desirable:

• Familiarity with Operational Technology (OT) or maritime IT infrastructure

• Cloud technologies

• Malware analysis, static and/or dynamic

Personal characteristics

• Strong analytical and problem-solving skills

• Social, self-driven and collaborative

• High degree of integrity

• Creative yet systematic approach to tasks

We offer

• Competitive compensation

• Excellent insurance and pension schemes

• Opportunities for growth in a dynamic and evolving industry

• A supportive and inclusive work environment

• Opportunities for professional development, including relevant courses and certifications

• Flexibility, including partial remote work

The Nordic Maritime Cyber Resilience Centre - NORMA Cyber, operational since January 2021, delivers centralised cyber security services to Nordic shipowners and other entities within the Nordic maritime sector. The centre is a joint effort between Den Norske Krigsforsikring for Skib (DNK) and the Norwegian Shipowners’ Association and operates at a non-profit basis. NORMA Cyber aims to be the leading hub for operational cyber security efforts within the Nordic maritime sector and is expected to expand.

NORMA Cyber currently has more than 140 member organisations within the Nordic maritime sector, represented with 1 800+ vessels and offshore units.

The centre delivers a wide variety of cyber security services for its members within intelligence, security operations and crisis response. NORMA Cyber collaborates closely with the Intelligence & Operations Centre (IOC) at DNK and the Contingency Preparedness department at Norwegian Shipowners’ Association.

NORMA Cyber is also a part of the Sectorial Response Function for maritime sector in Norway (normally referred to as the CERT assignment), which is governed by the Norwegian Coastal Administration.