SOC T2 Analyst

The SOC Tier 2 Analyst acts as the primary escalation point for Tier 1 analysts, leading the investigation and coordination of security incidents. This role is critical to maintaining strong cybersecurity defenses by conducting advanced threat detection, in-depth incident analysis, and supporting response efforts. The analyst contributes to process improvement, threat hunting, and ongoing SOC maturity through mentoring and collaboration across security teams.

Roles & Responsibilities

• Act as the main escalation point for Tier 1 analysts, offering technical expertise and guidance
• Perform advanced analysis of security events using SIEM, EDR, IDS/IPS, and firewall logs
• Investigate and respond to threats aligned with MITRE ATT&CK tactics and techniques
• Lead incident response activities including containment, eradication, and recovery
• Conduct forensic analysis and artifact review to identify root cause and scope
• Collaborate with threat intelligence and threat hunting teams to enhance detection capabilities
• Develop and refine SOC standard operating procedures (SOPs) and playbooks
• Coordinate with engineering teams to tune and optimize security tools and controls
• Mentor Tier 1 analysts to elevate SOC capabilities and ensure knowledge transfer
• Support security audits, compliance initiatives, and reporting as needed

Basic Qualifications

• Master's degree in Information Technology or Cybersecurity

• OR

• Bachelor's degree with minimum 1 year of experience in Security Operations or related field

• OR

• Diploma with minimum 2 years of experience in Security Operations or related field

Must-Have Skills

• Strong understanding of SOC operations, event triage, and incident escalation
• Experience analyzing cyber threats and attacker TTPs
• Proficient in tools such as SIEM (Splunk, QRadar, Sentinel), EDR (CrowdStrike, Defender ATP), IDS/IPS
• Experience managing incident response across detection, containment, eradication, and recovery
• Working knowledge of Windows and Linux security, including log analysis and scripting (PowerShell, Bash)

Good-to-Have Skills

• Exposure to 24/7 SOC operations and shift leadership
• Experience with forensic tools (Volatility, Autopsy, FTK) and malware analysis
• Familiarity with cloud security monitoring (AWS, Azure, GCP)
• Knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST CSF, and CIS controls
• Hands-on threat hunting experience

Professional Certifications

CompTIA Security+, CEH, GSEC, GCFA, MTA Security Fundamentals, CISSP (preferred)

Soft Skills

• Strong communication and collaboration skills with global teams
• Ability to prioritize effectively in high-pressure, fast-paced environments
• Strong critical thinking and problem-solving abilities
• Commitment to continuous learning and proactive knowledge sharing