SOC Analyst L2

What You Will Do

• Monitor and analyze security events using SIEM platforms such as Microsoft Sentinel, Splunk, Wazuh, or Google SecOps.
• Triage and investigate security alerts to determine their nature, severity, and impact.
• Perform in-depth analysis of potential security incidents and escalate confirmed threats to appropriate teams.
• Coordinate with Tier 1 analysts and incident response teams to ensure effective containment, eradication, and recovery.
• Maintain detailed documentation of investigations, actions taken, and incident resolution timelines.
• Refine and enhance SOC playbooks, response workflows, and detection rules.
• Perform proactive threat hunting using IOCs and behavioral patterns from internal and external threat intelligence.
• Provide insights and recommendations for system hardening, patching, and configuration improvements.
• Mentor and support SOC L1 analysts through technical guidance and knowledge sharing.

What You Will Need

• 1–3 years of experience in cybersecurity operations, threat detection, or IT security.
• Hands-on experience with at least one SIEM solution (e.g., Sentinel, Splunk, Wazuh, Google SecOps).
• Proficient in log analysis across diverse platforms (Windows, Linux, cloud services).
• Knowledge of common attack vectors, tactics, and techniques (e.g., OWASP Top 10, MITRE ATT&CK).
• Ability to respond calmly and effectively in high-pressure incident scenarios.

Nice to Have

• Industry certifications: CompTIA Security+, SC-200, Google Security, or equivalent.
• Basic scripting ability (Python, PowerShell, Bash) for automation and log parsing.
• Exposure to cloud security monitoring (Azure Security Center, AWS GuardDuty, GCP SOC).
• Familiarity with case management and SOAR platforms.

‍

SOC Operational Focus

• Detection & Analysis: Identify real threats from false positives using contextual analysis and security telemetry.
• Incident Handling: Drive the incident lifecycle from identification through containment and recovery.
• Threat Intelligence Integration: Enrich alerts with threat intel to improve detection fidelity.
• Reporting & Metrics: Contribute to weekly threat trend reports, KPIs, and post-incident summaries.
• Continuous Improvement: Participate in SOC tuning activities and detection use-case refinement.