Job Title: SOC L2 Analyst (Incident Responder)
Job Summary
We are looking for a highly skilled and experienced SOC L2 Analyst to act as a senior incident responder within our Security Operations Center. In this advanced role, you will be the primary technical investigator for complex and escalated cybersecurity incidents. Taking ownership of threats verified by our L1 team, you will conduct deep-dive analysis to determine the full scope of an attack, identify the root cause, and lead the technical efforts to contain, eradicate, and recover from the incident. Beyond reactive response, you will proactively hunt for advanced threats within our environment and contribute to the continuous improvement of our detection and response capabilities. The ideal candidate is a seasoned cybersecurity professional with a detective's mindset, deep expertise in digital forensics and incident response (DFIR), and a passion for staying one step ahead of adversaries.
Responsibilities
● Serve as the lead investigator for escalated security incidents, conducting in-depth analysis of network traffic, endpoint data, and log sources to determine the impact, scope, and nature of the threat.
● Perform advanced threat analysis by correlating data from multiple sources and leveraging threat intelligence to identify attack vectors, indicators of compromise (IOCs), and adversary tactics, techniques, and procedures (TTPs).
● Conduct digital forensic investigations, including malware analysis (static/dynamic), memory analysis, and network forensics (packet capture analysis) to understand attacker activity.
● Develop and execute containment, eradication, and recovery strategies to effectively mitigate security incidents and minimize business impact.
● Proactively hunt for undetected threats within the enterprise by developing hypotheses and using advanced analytics and security tools to search for signs of compromise that have evaded existing controls.
● Refine and enhance the organization's security posture by tuning SIEM correlation rules, developing new detection logic, and updating and creating incident response playbooks.
● Document all investigation activities, findings, and remediation steps in detailed incident reports suitable for technical, management, and legal audiences.
● Provide technical guidance and mentorship to L1 analysts, acting as a subject matter expert for incident response and threat analysis.
● Collaborate with other teams, including IT infrastructure, legal, and compliance, to ensure a coordinated response to security incidents.
Requirements
● 3-5+ years of experience in a Security Operations Center, with at least 2-3 years in a Tier 2 incident response, threat hunting, or digital forensics role.
● Bachelor's degree in Cybersecurity, Computer Science, or a related discipline, or equivalent professional experience.
● Expert-level proficiency with core security technologies, including SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne), IDS/IPS, and network analysis tools (Wireshark).
● Demonstrated mastery of incident handling, threat hunting, log analysis, and malware analysis techniques.
● Strong knowledge of operating system internals (Windows/Linux), networking protocols (TCP/IP), and common application protocols.
● Proficiency in at least one scripting language (e.g., Python, PowerShell) for automating analysis tasks and developing custom tools.
● Deep understanding of cybersecurity frameworks such as the MITRE ATT&CK Framework and the Cyber Kill Chain.
● Advanced professional certifications are required. Examples include GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or EC-Council Certified Security Analyst (ECSA).
● Exceptional critical thinking, analytical, and problem-solving skills, with the resilience to handle high-stress situations.
Join NETS-International Group and take your career to the next level!