
SOC Analyst – Level 2
Employment:
Full-time
Setup:
WFH
We are looking for a skilled and experienced Security Operations Center (SOC) Analyst Level 2 to join our cybersecurity team. As a SOC Analyst Level 2, you will be responsible for analyzing and responding to security incidents, providing advanced threat detection, investigation, and remediation. You will work with a team of SOC Analysts and security engineers to proactively identify potential security threats and manage incidents to mitigate risk to the organization. This role requires strong technical knowledge, problem-solving skills, and the ability to handle complex security issues.
Key Responsibilities
Advanced Incident Investigation: Lead the investigation and response to security incidents, including analysis of logs, network traffic, and endpoint data to identify potential threats and vulnerabilities.
Threat Hunting: Proactively search for signs of malicious activity, advanced persistent threats (APTs), and other indicators of compromise (IOCs) across the organization's systems and network.
Incident Escalation & Coordination: Coordinate with higher-level security teams and management to escalate critical or high-severity incidents, ensuring timely and effective remediation.
Root Cause Analysis: Perform root cause analysis for significant security incidents, identifying underlying vulnerabilities and recommending preventive measures to improve security posture.
Security Tools Optimization: Manage and fine-tune security tools and systems, including SIEM (Security Information and Event Management), IDS/IPS, firewalls, and endpoint protection solutions, to improve the detection of security threats.
Collaboration with IT & Engineering Teams: Work closely with IT, network, and engineering teams to investigate security incidents and ensure the implementation of appropriate technical controls to mitigate risk.
Documentation and Reporting: Ensure all incidents and investigations are properly documented in the incident management system, including technical details, investigation steps, actions taken, and final outcomes. Prepare reports for management, highlighting incident trends and areas of improvement.
Mentoring and Training: Mentor and guide Level 1 analysts, providing support and training to improve their technical capabilities and incident response processes.
Continuous Improvement: Regularly review and improve security processes and incident response workflows, staying up to date with emerging cybersecurity trends, threat intelligence, and industry best practices.
Compliance Support: Assist in ensuring the organization’s security operations meet compliance requirements for industry standards and regulations (e.g., GDPR, PCI-DSS, HIPAA).
Requirements
Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent work experience).
Certifications: Industry certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or GIAC Security Essentials (GSEC) are preferred.
Minimum of 2-3 years of experience in a SOC or cybersecurity role, with a focus on incident response, threat detection, and security monitoring.
Hands-on experience with SIEM tools (e.g., Splunk, QRadar, ArcSight) and incident management systems.
Experience in analyzing network traffic, logs, endpoint data, and utilizing forensic techniques to identify threats.
Knowledge of advanced malware analysis, threat intelligence, and vulnerability management.
Proficient in network protocols (TCP/IP, HTTP, DNS, etc.), firewalls, IDS/IPS, and endpoint security technologies.
Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation or investigation purposes.
Familiarity with threat intelligence platforms and the ability to analyze and act on threat feeds.
Solid understanding of security frameworks (NIST, CIS, etc.) and incident response methodologies (e.g., SANS, NIST).
Knowledge of forensic tools (e.g., FTK, EnCase) is a plus.
Strong problem-solving and analytical skills, with the ability to think critically under pressure.
Excellent communication skills, both verbal and written, with the ability to convey technical information to non-technical stakeholders.
Ability to manage multiple tasks simultaneously and prioritize effectively in a fast-paced environment.
Strong team-oriented attitude with a collaborative approach to incident response and problem-solving.
Hands-on experience with Tanium and CrowdStrike for endpoint security, threat detection, and investigation.
