Security Operations Center Analyst

Job Summary:

We are seeking skilled SOC Analysts (L2 and L3) to strengthen our Security Operations Center team. The candidates will be responsible for monitoring, analyzing, and responding to security incidents using advanced security tools and processes. The L2 role will focus on deeper analysis and initial remediation, while the L3 role will handle complex threats, lead incident response efforts, and support threat hunting and tuning.

Key Responsibilities:

SOC Analyst – L2

• Monitor security events and alerts from SIEM tools (e.g., Microsoft Sentinel, Splunk, QRadar).
• Investigate and triage alerts to identify false positives and real incidents.
• Perform initial incident response actions (isolate systems, reset credentials).
• Escalate high-severity or complex incidents to L3 analysts.
• Document findings, actions, and recommendations in ticketing systems.
• Work with threat intelligence feeds to understand attack trends and indicators.
• Support vulnerability management efforts and patch validations.
• Assist in playbook execution and incident lifecycle management.

SOC Analyst – L3

• Lead end-to-end incident response, including containment, eradication, and recovery.
• Perform in-depth forensic investigations, malware analysis, and root cause analysis.
• Develop and tune SIEM detection rules and use cases.
• Mentor L1/L2 analysts and review their investigations.
• Threat hunting using behavioral analytics and threat intelligence sources.
• Collaborate with threat intelligence teams for proactive defenses.
• Work closely with other teams (IT, Cloud, Endpoint) for coordinated responses.
• Create and maintain runbooks, incident reports, and compliance documentation.

Required Skills and Qualifications:

• Solid understanding of cybersecurity principles, MITRE ATT&CK, and NIST framework.
• Familiarity with tools: SIEM (Sentinel/Splunk/QRadar), EDR (Defender, CrowdStrike), SOAR platforms.
• Hands-on experience in log analysis, network traffic analysis, and endpoint investigations.
• Understanding of firewalls, proxies, IDS/IPS, and cloud security.

L3 Specific:

• 5+ years in a SOC environment or cybersecurity field.
• Advanced knowledge of threat analysis, malware reverse engineering, and threat hunting.
• Experience in tuning and optimizing SIEM/SOAR rules.
• Industry certifications preferred (e.g., GCIA, GCIH, CEH, CISSP, Microsoft SC-200, SC-300).

L2 Specific:

• 2–4 years of SOC or cybersecurity operations experience.
• Good understanding of the incident handling process.
• Basic scripting or automation knowledge (PowerShell, Python) is a plus.