Posted: 1 day ago
Hybrid
Full Time
Conduct in-depth investigation of security incidents including data collection, root cause analysis, and recovery efforts, ensuring compliance with defined SLAs.
Validate and fine-tune correlation rules, use-cases, and custom detections in SIEM tools to reduce false positives and improve detection fidelity.
Propose new SIEM use cases with playbook creation based on threat intelligence, evolving TTPs, or internal security gaps.
Conduct alert quality reviews, enhancing or retiring outdated detection logic and recommending improved strategies.
Provide mentorship and analytical support to L1 analysts, helping them enhance detection and response capabilities.
Continuously monitor SIEM and other security tools for alerts indicating potential threats, policy violations, or anomalies in the network.
Lead incident response activities, focusing on containment and eradication of threats while ensuring forensic integrity for post-event analysis.
Correlate data from various sources to identify security incidents and create actionable intelligence.
Collaborate with cross-functional teams and subject matter experts to resolve complex technical issues swiftly.
Review logs, metrics, and system behavior to identify patterns and early indicators of compromise.
Document incidents, root cause, and resolution steps in a structured manner, and contribute to the refinement of incident response playbooks.
Share security knowledge and threat insights across the team to promote continuous learning and improvement.
Keep leadership informed of high-priority incidents and propose tactical/strategic countermeasures.
Ensure adherence to internal policies, regulatory requirements, and industry best practices throughout all SOC processes.
4+ years of professional experience in Information Security, SOC operations or incident response.
Strong knowledge of cybersecurity frameworks and methodologies including MITRE ATT&CK, Cyber Kill Chain and NIST IR.
Good knowledge of Cloud Security concepts and tools; hands-on experience with EDR, SIEM, and Firewall technologies is a must.
Deep understanding of core network and security principles (Operating systems, TCP/IP, ports, detection/IDS/IPS, etc.).
Working knowledge of malware analysis and sandbox environments.
Ability to interpret complex alerts and logs from diverse sources and translate them into practical response actions.
Excellent communication, documentation, and collaboration skills to interact with stakeholders at all levels.
 
                Deloitte Consulting