Do you want to protect the Nordic maritime industry from cyber threats?

The Security Operations Center (SOC) at NORMA Cyber is responsible for monitoring, detecting, and responding to cyber incidents on our members’ vessels’ IT and OT infrastructure as well as traditional IT infrastructure. The SOC team is the first line of defence to detect attacks on our members’ infrastructure. The department is also responsible for responding to and mitigating ongoing attacks in dialogue with the affected member. The SOC cooperates closely with the Intelligence department to develop and maintain relevant detection capabilities, as well as conducting proactive threat hunting. In the event of a cyber incident, the SOC team can provide incident response and crisis management services to SOC members as well as other NORMA members.

Cyber Security Analyst

As a Cyber Security Analyst, you will monitor, analyse and respond to cyber security events across our members’ environments. You will collaborate closely with senior analysts during escalations, participate in incident response, advise members on mitigation, and set up effective logging and monitoring for visibility across IT and OT systems. In addition to operational responsibilities, you will actively contribute to developing internal tooling and automation to improve detection quality and overall SOC effectiveness.

Responsibilities

• Serve as the primary technical point of contact for designated SOC members, including status meetings and reporting

• Monitor, analyse and triage security alerts across IT and OT environments

• Participate in incident response activities, including containment and mitigation tasks

• Contribute to the development and improvement of detection rules and SOC playbooks

• Act as a technical advisor to members during incident response

• Assist in developing and maintaining internal tooling to automate and improve SOC processes

Desired qualifications

• Bachelor's or Master's in computer science/engineering, information security, cyber security or other relevant field, OR demonstrated competence through work experience, certifications and courses

• Good oral and written communication skills in Norwegian and English

• Experience with log analysis, network traffic analysis and/or EDR/SIEM tooling

• Familiarity of ATT&CK, Diamond Model, Cyber Kill Chain and related frameworks

• Experience with scripting or automation (Python, PowerShell or similar)

• Applicants must qualify for a security clearance up to minimum HEMMELIG

Knowledge/Experience with any of the following is desirable:

• Familiarity with Operational Technology (OT) or maritime IT infrastructure

• Cloud technologies

• Malware analysis, static and/or dynamic

• Experience with software development in object-oriented programming languages such as C#/.NET (or equivalent)

Personal characteristics

• Strong analytical and problem-solving skills

• Social, self-driven and collaborative

• High degree of integrity

• Creative yet systematic approach to tasks

We offer

• Competitive compensation

• Excellent insurance and pension schemes

• Opportunities for growth in a dynamic and evolving industry

• A supportive and inclusive work environment

• Opportunities for professional development, including relevant courses and certifications

• Flexibility, including partial remote work

The Nordic Maritime Cyber Resilience Centre - NORMA Cyber, operational since January 2021, delivers centralised cyber security services to Nordic shipowners and other entities within the Nordic maritime sector. The centre is a joint effort between Den Norske Krigsforsikring for Skib (DNK) and the Norwegian Shipowners’ Association and operates at a non-profit basis. NORMA Cyber aims to be the leading hub for operational cyber security efforts within the Nordic maritime sector and is expected to expand.

NORMA Cyber currently has more than 140 member organisations within the Nordic maritime sector, represented with 1 800+ vessels and offshore units.

The centre delivers a wide variety of cyber security services for its members within intelligence, security operations and crisis response. NORMA Cyber collaborates closely with the Intelligence & Operations Centre (IOC) at DNK and the Contingency Preparedness department at Norwegian Shipowners’ Association.

NORMA Cyber is also a part of the Sectorial Response Function for maritime sector in Norway (normally referred to as the CERT assignment), which is governed by the Norwegian Coastal Administration.