Tier 3 Cyber Security Analyst
at Rabobank
Posted 8 days ago
No clicks
- Compensation
- €5,876 – €10,074 EUR
- City
- Utrecht
- Country
- Netherlands
Currency: € (EUR)
Coordinate and guide Tier 1 & 2 analysts, ensuring high-quality results and leveraging your DFIR expertise. As a Tier 3 Cyber Security Analyst, you translate complex security telemetry into actionable insights and maintain oversight in high-pressure incidents. You act as the subject-matter expert, serving as a technical authority during major incidents and shaping threat-hunting and detection strategies. You contribute to continuous improvements in incident response readiness and monitoring quality within Rabobank's Security Operations team.
This is what we offer you
- Salary: Gross monthly salary between EUR 5,876 and EUR 10,074 (scale 10) for a 40-hour work week.
- Extras: a thirteenth month, 8% holiday allowance, and a 10% Employee Benefit Budget.
- Development budget: EUR 1,400 development budget per year for your growth and development.
- Hybrid working: a balance between home and office work (possible for most roles).
- Pension: decide for yourself the amount of your personal contribution.
Calculate your salary right away? Use our Or view all our benefits.
Making impact by assessing and responding to security alerts that indicate a risk for Rabobank.
You & your job
Coordinate and guide Tier 1 & 2 analysts while ensuring the quality of their results meets the required standards. As a Tier 3 Cyber Security Analyst, you act as a subject‑matter expert in DFIR and translate complex security telemetry into actionable insights. You maintain oversight in high‑pressure situations and use your attacker’s mindset to resolve intricate security questions.
Practical examples
- Quality control on incident reports.
- Advising analysts from your subject‑matter expertise.
- Trend analysis on alerts.
Facts & figures
- 36 hours per week.
- 1 state‑of‑the‑art SIEM platform.
- More than 49,000 Rabobank colleagues around the world.
Top 3 responsibilities
- Executing tuning or suppression of incidents and creating detections based on threat intelligence, ensuring continuous improvement of monitoring quality.
- Serving as the trusted technical authority during high‑stakes incidents, providing clarity and direction to ensure fast and coordinated response.
- Conveying incident knowledge and technical findings to produce structured, clear, and actionable incident reports for both technical and non‑technical stakeholders.
As part of the SOC, you dive deep into complex security questions, validate threat hypotheses, and support analysts in developing stronger detection logic. You help shape the overall threat‑hunting approach while contributing to continuous improvements in incident response readiness.
Together we achieve more than alone
We believe in the power of difference. Bringing together people's unique perspectives makes us a better bank. We are curious to learn what you will bring to our Security Operations team.
‘The SOC is a group of open‑minded people with different backgrounds that are united by their passion for cyber security and their drive to solve complex cases. There’s a real team spirit when responding to incidents and performing investigations together on a daily basis.’
Connor Dillon, Product Owner.
The 30 people in Security Operations (SOC) deliver security monitoring, incident response, digital forensics and threat‑hunting services. Working together is the way we work; as 1 analytical team within Rabobank. Our team thrives on collaboration, continuous learning and a shared mission to keep Rabobank secure.
Why Rabobank is a place for everyone
At Rabobank, we believe we become stronger by embracing people who complement each other. Because we welcome differences, we bring out the best in each other. We seek diversity in expertise, skills, background and culture. Every department strives for inclusivity and the space for you to be yourself.
You & your talent
- 6+ years of experience in Digital Forensics & Incident Response, including hands‑on log analysis.
- Technical authority in querying and analyzing logs to unravel a cyberattack, combined with experience using SIEM tooling.
- Relevant certifications such as OSCP, GEIR, GREM, GDAT or CISSP.
- Enjoy working together and coaching others to improve themselves.
- Creativity – think like an attacker.
- Judgment & decision‑making – dare to take action where needed.
You & the job application process
- For questions about job content: Mourad el Maouchi, Manager Security Operations via Mourad.el.Maouchi@rabobank.nl.
- Questions about working at Rabobank and the procedure? Oscar van Dijk, Corporate Recruiter via oscar.van.dijk@rabobank.nl.
- We will hold the interviews through a video call.
- If selected, Bo – our virtual assistant – will contact you via SMS and email to schedule your interview.
- You can find answers to frequently asked questions on rabobank.jobs/en/faq.
- A security check is part of the process.
- We respect your privacy.
#LI-OVD
The Application Process
This is our standard application process. It may vary by role.
Thanks for applying! You will always receive a confirmation of your application by email. We review all the resumes and covering letters that we receive. We will let you know as soon as possible if we invite you for an interview.
We invite you for one or more (online) interviews. We want to know if you fit the role and the team. You probably have many questions for us too. For some positions, we may also ask you to complete an assignment or assessment.
Are you the new colleague we are looking for, and do you also feel happy with us? Congratulations! You will receive a good offer from us. Before you start, we conduct a legal screening to ensure that our employees do not pose a risk to us and our customers.
Welcome to Rabobank! We look forward to seeing you and can't wait to work together.
