SOC L2 Analyst – Security Operations Center

About the role

We are seeking an experienced Security Operations Center (SOC) L2 Analyst to join Mindfire Technologies’ Cyber Defense Center in the UAE. The role involves advanced monitoring, triage, investigation and incident response for enterprise customers across a range of security platforms.

Key responsibilities

• Perform L2 security event monitoring, triage, investigation and escalation.
• Analyze alerts from SIEM, EDR, NDR, firewalls, IDS/IPS, email security, cloud and identity platforms.
• Validate incidents, filter false positives and identify true‑positive attacks.
• Conduct initial incident response, containment coordination and evidence collection.
• Execute log analysis across Windows, Linux, network, firewall, VPN, cloud and Active Directory environments.
• Investigate phishing, malware, brute‑force attempts, suspicious logins, endpoint alerts, privilege misuse and data exfiltration indicators.
• Support threat‑hunting, IOC searches, use‑case tuning and detection rule improvements.
• Prepare incident reports, investigation notes, shift handover documentation and customer‑facing updates.
• Coordinate with L1 analysts, L3 specialists, customer IT teams and incident response teams while maintaining SLA compliance.

Required profile

• Minimum 4–5 years of hands‑on SOC or cybersecurity operations experience.
• Strong understanding of MITRE ATT&CK, cyber kill‑chain and incident response lifecycle.
• Willingness to work rotating SOC shifts.
• Relevant certifications such as Security+, CEH, CySA+, SC‑200, AZ‑500, Splunk, QRadar or Microsoft Sentinel are a plus.

Required skills

• Proficiency with SIEM platforms (Microsoft Sentinel, Splunk, QRadar, LogRhythm, USM Anywhere).
• Experience using EDR tools (Microsoft Defender, CrowdStrike, SentinelOne, Sophos, Trellix).
• Deep knowledge of Windows Security Events, Active Directory, firewall and VPN logs.
• Familiarity with email security, cloud security logs and endpoint alert data.
• Ability to analyse malware alerts, phishing indicators, PowerShell activity and lateral movement.