L2 SOC Lead

3 - 6 years

10 - 12 Lacs

Posted: 1 week ago | Platform: Naukri

Work Mode: Work from Office

Job Type: Full Time

Job Description

Job Title: L2 SOC Lead

Location

Position Summary:

We are seeking an experienced Level 2 SOC Lead to join the STL Digital Security Operations Centre. The ideal candidate has hands-on experience with Microsoft Sentinel, Google Security Operations (Chronicle) SIEM or similar platforms, Microsoft Defender for Endpoint (MDE) and SOAR platforms, and uses them for efficient triage, investigation and containment of security incidents. As a Tier 2 analyst, you will lead deep-dive investigations, refine detection logic and drive automation improvements that make incident response faster and more consistent.

Key Responsibilities:

  • Conduct in-depth investigation of alerts escalated from Tier 1 analysts, identifying root causes and determining potential impact.
  • Analyze and correlate data from multiple sources (MDE, SIEM, SOAR, threat intelligence) to validate incidents and assess threat scope.
  • Respond to and contain endpoint threats using Microsoft Defender for Endpoint and integrated EDR capabilities.
  • Develop, test, and optimize SOAR playbooks to automate common detection, triage, and response activities.
  • Collaborate with IT and Incident Response teams to remediate compromised systems and prevent recurrence.
  • Perform threat hunting using MDE and SIEM telemetry to proactively identify indicators of compromise (IOCs).
  • Provide guidance and mentorship to Tier 1 SOC analysts.
  • Contribute to the continuous improvement of detection rules, incident handling processes, and SOC documentation.
  • Prepare detailed incident reports and recommend corrective actions to improve security posture.

Required Qualifications:

  • 3-6 years of experience in a SOC, incident response or cybersecurity operations role.
  • Strong hands-on experience with Microsoft Sentinel, Microsoft Defender for Endpoint / Defender XDR, Google Security Operations (Chronicle) SIEM or similar platforms, and familiarity with their investigation, response and hunting features.
  • Working knowledge of SOAR platforms (such as Microsoft Sentinel automation rules and playbooks, Palo Alto Cortex XSOAR or Splunk SOAR).
  • Understanding of threat detection, incident response workflows, and common attack techniques (MITRE ATT&CK).
  • Ability to analyze security events across multiple layers—endpoint, network, and cloud.
  • Strong problem-solving and analytical thinking skills.
  • Excellent written and verbal communication skills, especially in documenting and reporting incidents.

Preferred Qualifications:

  • Certifications such as Microsoft SC-200 (Security Operations Analyst Associate), CompTIA CySA+, GCIA, GCIH, or AZ-500.
  • Scripting or automation skills in PowerShell or Python.
  • Familiarity with Microsoft Sentinel, Azure Security Center (now Microsoft Defender for Cloud) or the Microsoft 365 Defender suite (now Microsoft Defender XDR).
  • Experience working in hybrid or cloud-centric environments (Azure, AWS, GCP).

STL Digital

Digital Solutions

Tech City
