Arcus Search

Security Operations Center Analyst (L2)

Germany · Contract · Mid-Senior

L2 SOC Analyst

Location: Hybrid (1 day per week onsite in Cologne)

Duration: 6 months initial with scope for extension

Rate: €65 - €90 per hour depending on experience


Role Overview

We are seeking an experienced L2 SOC Analyst to support our Insurance client’s Security Operations Centre (SOC). The successful candidate will play a key role in monitoring, detecting, and responding to security incidents, with a strong focus on Microsoft security technologies, including Microsoft Defender and Microsoft Sentinel.

This is an initial 6-month contract with potential for extension, offering the opportunity to work in a dynamic, security-focused environment within the insurance sector.


Key Responsibilities

  • Monitor and triage security alerts and incidents using Microsoft Sentinel and Microsoft Defender suite
  • Perform detailed investigation and analysis of security events, identifying root causes and recommending remediation actions
  • Escalate complex incidents to L3 teams where required, ensuring proper documentation and handover
  • Conduct threat hunting activities to proactively identify potential security risks
  • Maintain and improve detection rules, playbooks, and use cases within Microsoft Sentinel
  • Respond to incidents in line with defined SLAs and security procedures
  • Collaborate with IT, infrastructure, and application teams to remediate vulnerabilities and security issues
  • Produce clear and concise incident reports and documentation
  • Support continuous improvement of SOC processes, tooling, and workflows


Required Skills & Experience

  • Proven experience working as an L2 SOC Analyst or similar role
  • Hands-on experience with:
      • Microsoft Sentinel (SIEM)
      • Microsoft Defender (Endpoint, Identity, Cloud Apps, Office 365)
  • Strong understanding of security incident lifecycle and response processes
  • Experience analysing logs from various sources (network, endpoint, cloud)
  • Knowledge of common attack vectors, threat actors, and MITRE ATT&CK framework
  • Familiarity with KQL (Kusto Query Language) for querying and detection tuning
  • Experience with security tools such as EDR, SIEM, and SOAR platforms
  • Understanding of networking fundamentals (TCP/IP, DNS, firewalls)
  • Strong analytical and problem-solving skills

Posted: Apr 09, 2026

Type: Contract

Level: Mid-Senior

Location: Cologne

Industries: Financial Services

Categories: Information Technology
