SOC Analyst Level 2 at Silensec

  • Job Type Full Time
  • Qualification BA/BSc/HND
  • Experience 2 – 4 years
  • Location Nairobi
  • Job Field ICT / Computer

SOC Analyst Level 2

The SOC Analyst Level 2 is responsible for the advanced analysis and investigation of security incidents, providing guidance to Level 1 analysts, and assisting in the development and implementation of security controls and measures. This role plays a critical part in the detection and mitigation of security threats.

This position also involves working within a Managed Security Services Provider (MSSP) environment, where you will manage security operations for multiple clients across various industries. You will be required to adapt to different client environments, adhere to Service Level Agreements (SLAs), and prioritize incidents effectively.

Key Responsibilities:

Incident Analysis and Response:

  • Investigate escalated security incidents from L1 analysts.
  • Perform detailed analysis of logs, alerts, and incidents using SIEM tools and other monitoring solutions.
  • Coordinate and execute containment, eradication, and recovery measures for identified threats.
  • Document and report findings, including root cause analysis and recommendations for prevention.
  • Participate in SOC shift rotations, including nights, weekends, and holidays.

Threat Hunting:

  • Proactively search for signs of potential threats and vulnerabilities in the environment.
  • Develop hypotheses for threat scenarios and test them using available tools and data.

Tool and Process Optimization:

  • Fine-tune and configure SOC tools (e.g., SIEM, EDR, IDS/IPS) for optimal performance.
  • Work with threat intelligence feeds to enhance detection capabilities.

Collaboration and Escalation:

  • Collaborate with L3 analysts and other teams for complex investigations or escalations.
  • Provide mentorship and guidance to L1 analysts for skill development and efficiency.

Reporting and Documentation:

  • Maintain detailed documentation of incidents, processes, and investigations.
  • Generate regular reports for management on security posture, metrics, and incident trends.

Security Improvement Initiatives:

  • Participate in post-incident reviews and recommend changes to policies, procedures, or configurations.
  • Contribute to the development and improvement of SOC playbooks.

People Skills:

  • Demonstrate strong leadership skills, providing guidance and mentorship to Level 1 analysts.
  • Communicate effectively with team members, stakeholders, and external parties, ensuring clear understanding and documentation of security incidents and actions taken.
  • Exhibit excellent interpersonal skills, including the ability to manage and resolve conflicts, and foster a positive team environment.
  • Collaborate effectively with cross-functional teams to ensure cohesive and efficient incident response and mitigation efforts.
  • Show strong presentation skills, capable of conveying complex technical information to both technical and non-technical audiences.
  • Strong analytical and problem-solving skills.
  • Excellent communication and leadership skills.

Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, or related field, or equivalent work experience.
  • 2-4 years of experience in a security operations or similar role.
  • In-depth understanding of cybersecurity principles, techniques, and best practices.
  • Hands-on experience with security tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint protection).
  • Experience with SIEM tools such as Wazuh and ELK, and with open-source SOAR platforms.

Method of Application

Interested and qualified? Go to Silensec on www.linkedin.com to apply