1. Job Description
The SOC L2 Analyst provides mid-level support in monitoring, analyzing, and responding to security events. The role involves in-depth investigation and troubleshooting of complex incidents, together with threat intelligence research. The L2 Analyst escalates unresolved issues to L3 analysts and contributes to improving detection and response capabilities.
2. Responsibilities
- Analyze escalated incidents from L1 analysts and perform in-depth investigations.
- Use SentinelOne (endpoint detection and response) and Microsoft Sentinel (SIEM) to correlate logs across sources and identify complex threats.
- Review and fine-tune security use cases and detection rules.
- Conduct threat intelligence research to identify emerging threats, vulnerabilities, and attack patterns.
- Provide threat intelligence advisories and insights to the SOC team, customers, and leadership to improve detection capabilities.
- Lead or assist in incident response efforts and forensic investigations.
- Use Jira or ManageEngine ITSM to track security incidents through to resolution.
- Ensure adherence to the Incident Response Plan and provide feedback for improvement.
- Support and mentor L1 analysts, providing training and guidance as needed.
- Generate detailed reports for internal stakeholders on incident trends, response times, and lessons learned.
3. Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- 3–5 years of experience working in a Security Operations Center (SOC) or a similar security role.
- Strong experience with SIEM and EDR tools, particularly Microsoft Sentinel (Azure) and SentinelOne.
- Experience in incident analysis, escalation procedures, and security event investigation.
- Experience working with threat intelligence platforms, researching emerging threats, and integrating threat intelligence into SOC operations.
- Strong analytical and problem-solving skills.
- Ability to work effectively in a 24x7 shift environment.
4. Certifications
- Certified SOC Analyst (CSA), GIAC Certified Incident Handler (GCIH), or a similar intermediate-level certification (e.g., CEH).