Role Description
Role Proficiency: Serve as the first point of contact for escalation and investigation of cyber security incidents. Work with other teams to improve the service the SOC provides to clients around the globe.
Outcomes
- React to cyber security incident escalations from L1 or from the customer within the defined SLA and with a proper investigation
- Analyze the L1 processes and create new processes where the service requires them
- Analyze L1 requests for SIEM rule tuning and suggest relevant changes
- Perform trend analysis on collected data (alerts and incidents) and on detection rule coverage
- Provide training for L1 on new technologies and tools
- Work with other teams (SIEM, L1, TAM, etc.) to provide the required service to customers
- Perform reviews of handled alerts
Measures Of Outcomes
- Accurate daily review of all alerts handled by L1
- Replies to escalations on time, within the defined SLA
- Reduction in the number of false-positive detections
- Percentage of threats that are blocked, detected, and reported
Outputs Expected
Incident Advanced Investigations:
- Investigate incidents escalated from the previous layer
- Extend the investigation into the customer's security tools
Review And Improve Work And Processes In L1 Team
- Perform a daily review of L1 activity (closed and escalated alerts/incidents) to validate that the investigation is of the required quality and that the decisions are correct
Improve SOC Detection And Monitoring Service
- Analyze the detection rules triggered in the SIEM solution to reduce the false-positive rate and improve detection quality
Skill Examples
- SIEM, IPS, WAF, etc.
- Fast self-learning
- Good analytical skills
- Good soft skills (verbal and written)
- Presentation skills (verbal)
- Programming languages such as C, C#, Python, Perl, Java, PHP, and Ruby on Rails
Knowledge Examples
- Experience as a SOC analyst or in a parallel cyber security role
- Good knowledge of the cyber security area: understanding attack methods and tools, understanding attack vectors, familiarity with defence methodology, staying current on trends in cyber
- Experience defining incident-handling guidelines
Additional Comments
We are seeking a technically skilled and proactive SOC Analyst – Level 2 with a focus on Operational Technology (OT) environments. This role involves handling escalated incidents, collaborating with platform teams, and enhancing threat detection logic across OT systems. The analyst will play a key role in supporting incident response and improving alert fidelity, particularly within platforms such as Nozomi Networks and Microsoft Sentinel.
Key Responsibilities
- Provide incident handling and escalation support for critical alerts, especially those from the Nozomi platform
- Advise on security issue isolation and recommend remediation strategies
- Lead incident response and threat containment activities in OT environments
- Collaborate with the Nozomi platform team to fine-tune rules and reduce noise in Sentinel
- Create and maintain playbooks for automating incident response related to Nozomi alerts
- Enhance threat detection logic and perform false-positive tuning to improve alert quality
Required Skills & Qualifications
- Experience in SOC operations, particularly in OT environments
- Hands-on knowledge of the Nozomi Networks and Microsoft Sentinel platforms
- Familiarity with incident response workflows, playbook creation, and alert tuning
- Strong analytical and problem-solving skills
- Ability to work in a 24x7 operational environment and collaborate across teams
- Good communication skills and attention to detail
Skills
OT Nozomi, Incident response, Cyber Security