Are you an experienced cybersecurity professional looking to deepen your skills in a fast-paced and engineering-focused Security Operations Centre (SOC)?

As a SOC Analyst Level 2 at OneStep Group, you will play a key role in strengthening our clients' security posture through advanced investigations, detection engineering, log ingestion oversight, automation, and stakeholder engagement.

You will work closely with senior engineers and the SOC Team Lead, guide Level 1 analysts, participate in client meetings, and contribute directly to uplifting activities across multiple client environments.

Key Responsibilities:

• Monitor and triage alerts across a range of security tools, not limited to SIEMs (e.g., Microsoft Sentinel, LevelBlue, FortiSIEM), but also including endpoint protection platforms, firewalls, and email gateways.
• Lead investigation and response for medium and high-severity security incidents across Microsoft Sentinel and Defender XDR.
• Perform deep-dive threat analysis with incident response, root-cause identification, threat containment, and escalation where required.
• Build, tune, and optimise analytic rules, watchlists, workbooks and automation playbooks.
• Troubleshoot and resolve SIEM ingestion issues (log connector failures, schema errors, filtering, suppression logic).
• Conduct proactive threat hunting using advanced KQL queries aligned to threat intel (e.g., KEV, EPSS, CVSS, MITRE).
• Support vulnerability management workflows using Defender, Tenable, Qualys, and associated asset data.
• Onboard and validate new data sources (Windows, Sysmon, AWS logs, firewalls, Endpoint data, application logs).
• Automate SOC workflows using Azure DevOps, PowerShell or Python to increase efficiency and reduce manual effort.
• Mentor and support Level 1 analysts through knowledge transfer, escalation reviews, and quality assurance.
• Participate in client workshops, monthly reviews, and technical discussions to present insights and recommendations.
• Contribute to SOC documentation, runbooks, SOC standards, and internal process improvements.

What We’re Looking For:

• 2+ years of hands-on SOC or security operations experience.
• Strong analytical and problem-solving ability with confidence to operate independently.
• Solid experience with Microsoft Sentinel, including KQL-based investigation, rule tuning and data analysis.
• Hands-on understanding of Defender XDR components or technologies: Endpoint, Identity, Email, Cloud Apps, Office 365.
• Experience troubleshooting SIEM or security telemetry ingestion issues.
• Scripting skills in PowerShell and/or Python for automation and enrichment.
• Practical understanding of enterprise IT fundamentals: cloud (Azure/AWS), endpoints, email, networking.
• Strong communication and documentation skills with the ability to engage directly with clients.
• Ability to prioritise incidents, provide clear recommendations, and guide junior analysts.
• Must have: Australian Police Clearance and valid work rights.
• Highly desirable: Australian citizenship (for Baseline/NV1 eligibility).

Nice to Have:

• Certifications: SC-200, AZ-500, SC-300, Security+, CySA+, GCIH, GCIA, GSOC.
• Experience with other SIEM platforms such as Sentinel, LevelBlue (AlienVault), or Splunk.
• Exposure to Azure DevOps CI/CD pipelines for Sentinel deployments.
• Experience building dashboards, workbook metrics, and threat-hunting templates.
• Familiarity with threat intelligence workflows, IOC ingestion, and enrichment processes.
• Hands-on lab experience, Capture-the-Flag participation, or automation projects.

Why Join OneStep Group?

• Work in a mature MSSP environment alongside experienced analysts and engineers.
• Gain exposure to enterprise security tooling, cloud environments, and advanced detection engineering.
• Strengthen your engineering and automation skills with real project work.
• Structured certification pathways with internal guidance and support.
• Hybrid working environment with a collaborative and supportive culture.

If you’re ready to take on a high-impact role and contribute to a growing SOC team, we want to hear from you.

To learn more or request the full Position Description, contact Jaynil Karkar, SOC Team Lead.

Applications close: Wednesday, 29th December 2025.