Medior Security Operations Analyst

At BAM, we design and build the infrastructure that keeps the Netherlands running, from dikes, bridges, and energy networks to hospitals and other public facilities. These are the systems a nation depends on.

As a Security Analyst, you help protect that foundation. You’ll be part of a modern, Microsoft-native Security Operations Center (SOC), where you detect, investigate, and help contain cyber threats that could disrupt vital infrastructure.

Your work directly strengthens the digital and physical resilience of the country. You’re not just defending networks, you’re defending the future of the Netherlands.

Your day starts with reviewing the latest alerts in Microsoft Sentinel and Defender XDR. A login attempt from an unusual location catches your eye. You dig in, correlate logs, and confirm it’s a phishing attempt. You isolate the account, raise an incident, and work with IT to strengthen MFA rules.

Later, you join a threat hunting session with senior analysts, tuning detection rules and testing new use cases. In the afternoon, you validate new log sources, write documentation for a recent incident, and share insights with the team.

Every day you’re learning, not just tools and techniques, but how to think like an attacker and respond like a defender.

Furthermore: 

• Monitor & detect: Analyse alerts and events in Microsoft Sentinel and Defender XDR, validate and investigate alerts, and support continuous tuning of detection logic.
• Respond: Support investigations and coordinate response actions, document findings, remediation steps, and lessons learned.
• Hunt & improve: Participate in threat hunting sessions and help fine-tune detection logic and alert quality.
• Analyse: Conduct basic malware and behavioral analysis to support incident investigations, escalating complex cases to senior analysts.
• Support vulnerability management: Review scan results and help coordinate remediation with IT teams.
• Enhance telemetry: Assist in log onboarding and data validation across endpoints and cloud systems.
• Collaborate & grow: Work closely with senior analysts, improve playbooks, and continuously expand your skills.

You’ll join a young, dynamic SOC team within BAM’s IT & Security organisation, reporting into the Security Operations team. The team combines curiosity with expertise, they monitor, analyse, and continuously improve. The atmosphere is open and supportive, colleagues help each other, share knowledge, and celebrate progress together. You’ll work hybrid, primarily from Bunnik, with flexibility to work from home and visit project sites when needed.

At BAM, we believe in investing in our people and creating a positive, inclusive culture where you can grow your expertise and make an impact.

• A competitive salary between € 4920 - € 6140 per month gross per month, based on experience and a 40-hour workweek, plus 8% holiday allowance
• Excellent secondary benefits under the Bouw & Infra collective labour agreement, including a sustainable employability budget (2.18%), 25 vacation days, 15 roster-free days, and 3 short-leave days per year,
• Travel allowance, laptop, and iPhone,
• Unique learning opportunities through our in-house platform BAM Learning, plus Microsoft certifications and external courses,
• Extras like 40% discount on gym memberships, and discounts on private insurance and Microsoft Office.

  At BAM, you’ll grow as a professional, and as part of a team that protects the foundations of society.

• A Bachelor’s or Master’s degree in Cyber Security, Computer Science, Information Security, or a related technical field,
• 2–4 years of experience in a SOC, CSIRT, or similar security monitoring role
• Familiarity with Microsoft Sentinel, Defender XDR, or other SIEM/EDR tools,
• Experience in triaging alerts and understanding incident response workflows,
• Strong analytical and problem-solving mindset, eager to learn and grow,
• Fluent in Dutch (B2 or higher) and English (spoken and written),
• Experience with scripting for automation purposes (e.g. Python, PowerShell, or KQL) is a plus.

Nice-to-have:

• Experience with Microsoft Defender for Endpoint, Identity, or Cloud Apps,
• Some scripting knowledge (KQL, PowerShell, or Python),
• Understanding of MITRE ATT&CK, threat intelligence, or vulnerability management,
• Certifications like SC-200, CompTIA Security+, or equivalent.

BAM Nederland B.V. is part of Royal BAM Group nv, a leading European construction and engineering company active in Building and Property, Infrastructure, and Public–Private Partnerships.

Sustainability and innovation are at the heart of everything we do, from design and construction to facility management. We aim to lead the digital transformation of our industry and deliver the highest standards of quality, safety, and sustainability.

Interested? Click ‘Apply’ and share your details. Our recruiter Mark Hendriks would love to meet you.

Questions? Call or send a WhatsApp message to +31 6 57 433 444.

Providing a Certificate of Good Conduct (VOG) is part of the recruitment process.