Job
Description
Role Description We are seeking a detail-oriented and proactive SOC Analyst β Level 2 to strengthen our cybersecurity operations. The ideal candidate will have hands-on experience in reviewing and investigating escalated security events using a variety of security tools and methodologies. This role involves working closely with L1 analysts, Incident Response teams, and Threat Hunters to ensure accurate detection, classification, and escalation of security incidents. Key Responsibilities Review and investigate escalated security events from SOC L1 analysts using tools such as SIEM, EDR, NDR, and other monitoring platforms. Perform initial triage and validation of s, classify incidents, and escalate appropriately to Incident Response or Threat Hunting teams. Leverage threat intelligence to contextualize s and correlate evidence across multiple data sources. Analyze suspicious activity across endpoints, networks, email, and cloud environments. Accurately document investigation steps, findings, and recommendations. Maintain and enhance playbooks, runbooks, and standard operating procedures (SOPs). Participate in purple team exercises, tabletop simulations, and contribute to detection engineering feedback loops. Collaborate with L1 analysts, providing guidance and training on detection logic, triage, and escalation procedures. Required Qualifications Minimum 2 years of experience in a SOC, security monitoring, or cybersecurity operations role. Proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender for Endpoint), and analysis of firewall and proxy logs. Solid understanding of attacker tactics, techniques, and procedures (TTPs), especially those outlined in MITRE ATT&CK and the Cyber Kill Chain. Demonstrated experience in triaging s, classifying threats, and escalating incidents. Strong ability to write concise, accurate incident documentation and reporting. Working knowledge of both Windows and Linux operating systems from a security operations perspective. Preferred Qualifications Familiarity with detection logic tuning, custom rule creation, and threat hunting methodologies. Experience in phishing investigations, malware sandboxing, and basic memory/network forensics. Exposure to scripting languages such as Python, Bash, or PowerShell for task automation and data parsing. Knowledge of cloud security monitoring tools and practices (Azure, AWS, Google Cloud). Relevant certifications such as: Security+, CySA+, GCFE, GCIH, SC-200, or equivalent. Technical Skills Active Directory Red Hat Enterprise Linux Group Policy Management Skills SIEM, EDR, NDR Show more Show less
