SOC Principal - Threat Operations
About Ekco
Founded in 2016, Ekco is now one of the fastest growing cloud and security solution providers in Europe!
We specialise in enabling companies to progress along the path of cloud maturity, cybersecurity, managing transformation and driving better outcomes from our clients’ existing technology investments.
We are the people who power your possible
We have over 600 highly talented and supportive colleagues (and counting) across a number of regional offices in Ireland, the Netherlands and the UK.
Role
We are seeking a Threat Operations Principal to act as the technical authority driving the evolution of our SOC capability. The Threat Operations team focuses on advancing detection capability, hunting practices, and investigative standards to ensure the SOC remains ahead of emerging threats. By shaping how complex threats are identified and handled, the Principal sets the benchmark for technical excellence across the team.
As a senior escalation point, the Principal provides deep technical guidance to analysts while fostering a culture of continual improvement. Working closely with Detection Engineering, Threat Intelligence, and Incident Response, you will play a key role in maturing detection coverage, refining response workflows, and building the SOC’s long-term resilience against advanced adversaries.
Key Responsibilities:
Operational Leadership:
- Lead and oversee investigations into complex or ambiguous threats escalated from the SOC.
- Conduct root cause analysis and post-incident reviews, ensuring lessons learned feed back into operations.
- Identify and close detection gaps by collaborating with Detection Engineering on new, tuned, or improved rules.
- Drive proactive threat hunting initiatives using intelligence, behavioural indicators, and anomaly detection.
- Validate high-severity alerts for both technical accuracy and business impact.
Capability & People Leadership:
- Act as the escalation point for technical investigations and threat-related queries from Senior Analysts.
- Provide technical mentoring, informal upskilling, and guidance to SOC analysts.
- Contribute to the development, testing, and refinement of SOC SOPs, playbooks, and the detection lifecycle.
- Participate in evaluating and tuning SOC tools and workflows (SIEM, SOAR, EDR, enrichment, automation).
- Develop and enhance SOC capabilities, including enrichment logic, automation use cases, and threat hunting frameworks.
- Collaborate with Threat Intelligence to generate hunting leads and contribute insights back into CTI production.
Client Assurance & Representation:
- Represent SOC technical expertise in internal and client-facing service reviews.
- Provide expert support and guidance for client incidents escalated to SOC leadership.
Key Requirements
- Proven experience working within an MSSP
- Strong expertise in SOC technologies (SIEM, EDR, SOAR, etc.)
- In-depth expertise in the analysis of logs, artefacts, security events, IOCs, and tactics, techniques and procedures (TTPs)
- Proven ability to mentor and develop SOC analysts and act as a technical escalation point.
- Confidence representing SOC technical expertise in client-facing discussions and incident reviews.
- Strong analytical mindset with the ability to identify and drive strategic improvements across SOC operations.
- Experience collaborating with cross-functional teams (Threat Intelligence, Detection Engineering, Incident Response) to strengthen detection and response capabilities.
- Deep understanding of the cyber kill chain, cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, CIS) and threat landscapes.
- Proven ability to handle high-pressure situations, make critical decisions, and manage complex incidents.
- Excellent communication and interpersonal skills, both verbal and written, to manage stakeholder and client relationships effectively.
- Strong organisational and administrative skills, with attention to detail.
- Good problem-solving abilities with a proactive focus on finding innovative and practical solutions.
- Ability to work collaboratively in a fast-paced environment.
What’s in it for you?
We believe in taking care of our team, so as one of us you’ll have access to our “Ekco Extras”:
☀️ Time off - 25 days leave + public holidays
🎂 x1 day Birthday leave per year
💰 Company Pension Scheme, Income protection and death in service cover
📚 Learning & development - Unlimited access to Udemy learning platform
🧠 EAP and employee wellness programmes
Why Ekco?
🏅 Ranked as Ireland's 4th fastest growing technology company in the Deloitte Fast50 Awards
⭐️ Dell & Veeam top partner status
🌈 Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
🎉 We recognise the value of internal mobility and encourage opportunities for internal development & progression
✨ Flexible working with a family-friendly focus is at the core of our company values
- Department
- Security Operations Centre
- Locations
- Dublin - Ekco, Moorgate - London, Holborn - London, Ekco UK - Milton Keynes, B/S/H/, Grand Union House, B/S/H/ Corby