Security Analyst L2

Responsibilities

• Monitor client environments using SIEM platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
• Analyse and investigate security alerts; perform deep-dive log analysis across system and OS layers to establish baselines and identify anomalous behaviour
• Map threat tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework and construct plausible attack-path hypotheses to inform containment actions
• Produce escalation reports and notes; manage triage workflow and identify improvements to automation playbooks
• Conduct IOC-based reactive threat hunts against limited TTPs
• Operate SIEM, SOAR, EDR, and wider security tooling within the scope of the service engagement
• Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets
• Coordinate with vendors, external CERTs, and internal business stakeholders during incident response activities
• Manage detection use cases, dashboards, and SOAR playbooks: author and tune detection rules, validate existing content, and implement automation to streamline triage and response
• Manage the full incident ticket lifecycle, including creation, updates, closure, hygiene, and MITRE ATT&CK mapping
• Respond to incidents and critical alerts outside of office hours when required
• Any other tasks as assigned

Requirements

• Degree in Computer Science, Information Security, or a related discipline
• Minimum 6 years of experience in cybersecurity operations or a Security Operations Centre (SOC) environment
• Hands-on experience with SIEM platforms and solid understanding of network, Windows, and Linux infrastructure
• Hands-on experience with EDR platforms for endpoint detection, investigation, and response
• Demonstrated ability to triage, investigate, and respond to security incidents independently, with accurate escalation judgement
• Experience mapping threats to MITRE ATT&CK and conducting IOC-based threat hunts
• Clear written and verbal communication; able to produce structured escalation reports and brief senior stakeholders
• GIAC Certified Incident Handler (GCIH), EC-Council ECIH, or equivalent incident handling certification required

Preferred Skills / Qualities

• Experience with SOAR platforms, playbook development, or automation scripting
• Knowledge of cloud infrastructure security (AWS, Azure, or GCP)
• Familiarity with Threat Intelligence Platforms and IOC management workflows
• Experience with next-generation SIEM, NDR, or ITSM/incident management platforms
• Exposure to OT security monitoring or regulatory frameworks such as NIST CSF, ISO 27001, or GDPR
• CrowdStrike certifications (e.g., CCFA, CCFR) or other vendor product certifications are a plus

Other Special Working Conditions

• Able to perform 12-hour shift duties (2 days’ work with 2 off-days). Working hours: AM - 8:30am to 8:30pm; PM - 8:30pm to 8:30am. Shift patterns and duration may vary from time to time