-
View all jobs
Role Description
SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA.
Responsibilities
SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time.
When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the customer/L3 team, or L2 analyst must advise L1 team members until the incident is resolved.
Perform deep analysis to security incidents to identify the full kill chain
Perform remediation steps according to the findings or initiate steps for remediation
Prepare RCA for major incidents
Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA.
Identify the security gaps and need to recommend new rules/solution to L3/Customer
Need to suggest finetuning for existing rules based on the high count/wherever required
Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed
Recommend finetuning for s with logic and threshold, and possibly the query as well for the SIEM
Recommend new usecases with logic and threshold, and possibly the query as well for the SIEM
Respond to clients requests, concerns, and suggestions
Proactively support L1 team during an incident.
Performs and reviews tasks as identified in a daily task list.
Ready to work in 24x7 rotational shift model including night shift
Incident detection, triage, analysis and response.
Coordinating with customers for their security related problems and providing solutions.
Share knowledge to other analysts in their role and responsibilities
Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc
Provide oncall support on rotational basis for off hours
Knowledge Experience
Minimum of 3 years of experience in Cyber security, SOC
At least 2 years of working in the SOC
Proficient in Incident Management and Response
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Up to date in cyber security s and incidents; intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc.
Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001)
Desirable - Training / Certification in Ethical Hacking/SIEM Tool etc.
Experience in working on multiple SIEM tools (Sentinel, Qradar, Splunk)
Experience in working with multiple EDR tools (Crowdstrike, CarbonBlack EDR, Cybereason, MS Defender for endpoint, sentinelone)
Experience in handling Linux servers, familiar with Linux OS and commands
Additional Desired Skills
Strong verbal and written English communication
Strong interpersonal and presentation skills
Ability to work with minimal levels of supervision
Responsible for working in a 24x7 Security Operation centre (SOC) environment.
Essential Skills
Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps & Identity Protection.
Continuous Learning Innovation And Optimization
Ensure completion of learning programs as suggested by Managers
Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals.
Provide suggestions to reduce the manual work
Teamwork
Assist L1 team members where possible
Skills
siem,incident response,log analysis,soar,
SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA.
Responsibilities
SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time.
When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the customer/L3 team, or L2 analyst must advise L1 team members until the incident is resolved.
Perform deep analysis to security incidents to identify the full kill chain
Perform remediation steps according to the findings or initiate steps for remediation
Prepare RCA for major incidents
Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA.
Identify the security gaps and need to recommend new rules/solution to L3/Customer
Need to suggest finetuning for existing rules based on the high count/wherever required
Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed
Recommend finetuning for s with logic and threshold, and possibly the query as well for the SIEM
Recommend new usecases with logic and threshold, and possibly the query as well for the SIEM
Respond to clients requests, concerns, and suggestions
Proactively support L1 team during an incident.
Performs and reviews tasks as identified in a daily task list.
Ready to work in 24x7 rotational shift model including night shift
Incident detection, triage, analysis and response.
Coordinating with customers for their security related problems and providing solutions.
Share knowledge to other analysts in their role and responsibilities
Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc
Provide oncall support on rotational basis for off hours
Knowledge Experience
Minimum of 3 years of experience in Cyber security, SOC
At least 2 years of working in the SOC
Proficient in Incident Management and Response
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Up to date in cyber security s and incidents; intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc.
Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001)
Desirable - Training / Certification in Ethical Hacking/SIEM Tool etc.
Experience in working on multiple SIEM tools (Sentinel, Qradar, Splunk)
Experience in working with multiple EDR tools (Crowdstrike, CarbonBlack EDR, Cybereason, MS Defender for endpoint, sentinelone)
Experience in handling Linux servers, familiar with Linux OS and commands
Additional Desired Skills
Strong verbal and written English communication
Strong interpersonal and presentation skills
Ability to work with minimal levels of supervision
Responsible for working in a 24x7 Security Operation centre (SOC) environment.
Essential Skills
Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps & Identity Protection.
Continuous Learning Innovation And Optimization
Ensure completion of learning programs as suggested by Managers
Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals.
Provide suggestions to reduce the manual work
Teamwork
Assist L1 team members where possible
Skills
siem,incident response,log analysis,soar,
Key Skills
Ranked by relevance
cyber security
linux
microsoft defender
firewalls
qradar
cloud
siem
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Platform Analyst II - Cyber Security
2026-07-03
Full-time
Not Applicable
India
IT Services
Information Technology
View Job Details
Related
DevOps SRE
2026-07-03
Full-time
Not Applicable
India
IT Services
Engineering
View Job Details
Related
Network Engineer
2026-07-05
Full-time
Not Applicable
India
IT Services
Information Technology
Login to Apply
- Posted
- Jul 03, 2026
- Type
- Full-time
- Level
- Not Applicable
- Location
- Trivandrum
- Company
- UST
Industries
IT Services
IT Consulting
Categories
Information Technology
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Platform Analyst II - Cyber Security
2026-07-03
Full-time
Not Applicable
India
IT Services
Information Technology
View Job Details
Related
DevOps SRE
2026-07-03
Full-time
Not Applicable
India
IT Services
Engineering
View Job Details
Related
Network Engineer
2026-07-05
Full-time
Not Applicable
India
IT Services
Information Technology