SOC Analyst II

Job Title: SOC Analyst L2

Experience Level: 2-5 Years

Key Responsibilities:

Monitor, investigate, and respond to security alerts generated by LogRhythm SIEM.

Perform initial and intermediate triage of security incidents.

Escalate complex threats or policy violations to L3 Analysts with proper documentation and evidence.

Conduct in-depth log analysis and support root cause analysis (RCA) under L3 guidance.

Assist with managing and maintaining endpoint security tools such as CrowdStrike and Carbon Black.

Support and enforce multi-factor authentication (MFA) using Cisco Duo.

Help administer CyberArk EPM & PAS for privileged access control.

Investigate email threats using Proofpoint TAP and TRAP dashboards.

Monitor digital certificate validity and assist with certificate management processes (PKI/MS ADCS/DigiCert).

Document incidents thoroughly in ServiceNow and maintain up-to-date case notes.

Participate in shift handovers and provide regular updates to stakeholders.

Contribute to runbooks, playbooks, and SOC knowledge base for continuous improvement.

Required Skills:

2-5 years of hands-on experience in a Security Operations Centre (SOC) environment.

Familiarity with SIEM platforms (LogRhythm preferred) and understanding of correlation rules.

Practical experience with at least one EDR tool (CrowdStrike or Carbon Black).

Working knowledge of CyberArk, Cisco Duo, and email security tools (Proofpoint).

Understanding of SOC workflows, incident lifecycle, and alert prioritisation.

Exposure to PKI certificate lifecycle management.

Basic understanding of ITSM tools (e.g., ServiceNow).

Ability to perform clear and concise technical documentation.

Strong analytical thinking, problem-solving skills, and willingness to learn from L3 peers.

Good written and verbal communication skills.

Preferred Skills:

Knowledge of MITRE ATT&CK framework.

Experience working in a 24/7 SOC environment.