Security Operations Center Analyst

5 years

0 Lacs

Posted: 6 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Summary:

SOC Analysts (L2 and L3)


Key Responsibilities:


SOC Analyst – L2

  • Monitor security events and alerts from SIEM tools (e.g., Microsoft Sentinel, Splunk, QRadar).
  • Investigate and triage alerts to identify false positives and real incidents.
  • Perform initial incident response actions (isolate systems, reset credentials).
  • Escalate high-severity or complex incidents to L3 analysts.
  • Document findings, actions, and recommendations in ticketing systems.
  • Work with threat intelligence feeds to understand attack trends and indicators.
  • Support vulnerability management efforts and patch validations.
  • Assist in playbook execution and incident lifecycle management.

SOC Analyst – L3

  • Lead end-to-end incident response, including containment, eradication, and recovery.
  • Perform in-depth forensic investigations, malware analysis, and root cause analysis.
  • Develop and tune SIEM detection rules and use cases.
  • Mentor L1/L2 analysts and review their investigations.
  • Conduct threat hunting using behavioral analytics and threat intelligence sources.
  • Collaborate with threat intelligence teams for proactive defenses.
  • Work closely with other teams (IT, Cloud, Endpoint) for coordinated responses.
  • Create and maintain runbooks, incident reports, and compliance documentation.



Required Skills and Qualifications:

  • Solid understanding of cybersecurity principles, MITRE ATT&CK, and the NIST framework.
  • Familiarity with tools: SIEM (Sentinel/Splunk/QRadar), EDR (Defender, CrowdStrike), SOAR platforms.
  • Hands-on experience in log analysis, network traffic analysis, and endpoint investigations.
  • Understanding of firewalls, proxies, IDS/IPS, and cloud security.

L3 Specific:

  • 5+ years in a SOC environment or cybersecurity field.
  • Advanced knowledge of threat analysis, malware reverse engineering, and threat hunting.
  • Experience in tuning and optimizing SIEM/SOAR rules.
  • Industry certifications preferred (e.g., GCIA, GCIH, CEH, CISSP, Microsoft SC-200, SC-300).

L2 Specific:

  • 2–4 years of SOC or cybersecurity operations experience.
  • Good understanding of the incident handling process.
  • Basic scripting or automation knowledge (PowerShell, Python) is a plus.
