SOC Analyst - L2

Responsibilities:

1. Advanced Incident Response & Escalation

  • Act as the Tier 2 Escalation Point for all validated threats filtered by the L1 team.

  • Conduct deep-dive forensic analysis on endpoints, memory, and network traffic to identify root causes.

  • Lead containment and eradication efforts for multi-stage attacks (e.g., Ransomware, Business Email Compromise).

  • Maintain a comprehensive awareness of the current threat landscape, including malware, phishing attacks, and advanced persistent threats (APTs).

  • Create, review, and modify documentation as needed, including any process or procedure, to ensure it is up to date and standardised.

  • Produce daily, weekly, and monthly SOC reports.

  • Define, create, and maintain SIEM correlation rules, customer build documents, and security processes and procedures.

2. Threat Hunting & Detection Engineering

  • Proactively hunt for stealthy threats that bypass automated security controls using the MITRE ATT&CK framework.

  • Develop and deploy custom SIEM correlation rules and EDR queries to detect advanced adversary techniques.

  • Convert "Tribal Knowledge" into automated Level 1 Playbooks to empower the junior team.
3. Mentorship & Quality Assurance

  • Perform "Case Reviews" of L1 investigations to ensure high data quality and provide technical coaching.

  • Coordinate with the Global Follow-the-Sun leads to ensure smooth handovers of high-priority incidents.

  • Actively participate in post-incident reviews to identify lessons learned and recommend improvements to processes and technologies.

  • Provide feedback and recommendations to enhance detection and response capabilities.

  • Participate in continuous improvement of security operations processes and toolsets.

  • Mentor and train junior analysts, sharing knowledge and best practices to strengthen team capabilities.

Requirements:

  • Experience developing SOC use cases in a SIEM to correlate diverse log sources, including writing new monitoring use-case logic that enables effective investigation of security alerts and incidents.

  • Knowledge of Cyber Threat Intelligence, including the analysis of intelligence alerts, threat hunting, and providing actionable recommendations.

  • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.

  • Understanding of common threat vectors (i.e., malware, email, and website analysis) at a medium to high level.

  • Strong understanding of security incident management, malware management and vulnerability management processes.

  • Strong IT and system administration skills across modern operating systems.

  • Exposure to SIEM, EDR, SOAR, TIP, and ServiceNow tools is required.

  • Ability to remain focused during repetitive monitoring while maintaining a high attention to detail.

  • Ability to translate complex technical findings into actionable insights for diverse stakeholders.

  • Some experience with cloud service providers such as AWS and Azure would be valuable.

  • Experience with Splunk ES would be a plus.

  • Bachelor’s degree in a relevant field of study.

  • 3-5 years of experience in a SOC environment or equivalent technical role.

  • Valid certification in one of the following: CEH, ECIH, CHFI, any SIEM technical certification, any firewall technical certification, or another industry-related certificate.

  • Demonstrated commitment to continuous learning and intellectual curiosity within the cybersecurity domain.