Security Operations Center (SOC) Analyst – Level 2

About the role

The organization is seeking a Level 2 Security Operations Center (SOC) Analyst to lead advanced threat detection, incident investigation, and response. This position serves as the escalation point for Level 1 analysts and works with SIEM and SOAR platforms to automate security operations.

Key responsibilities

• Monitor security alerts using Splunk SIEM and perform deep‑dive analysis of escalated incidents.
• Identify false positives, correlate logs from firewalls, endpoints, proxies, email, IDS/IPS, and other sources.
• Investigate and respond to malware, phishing, insider threats, and other incidents; conduct root‑cause analysis and execute containment, eradication, and recovery actions.
• Develop, modify, and optimize SOAR playbooks (e.g., Fortinet SOAR) and automate repetitive tasks such as alert triage and ticket creation.
• Analyze threat‑intelligence feeds, perform proactive threat hunting, and stay current on MITRE ATT&CK techniques.
• Create incident reports, dashboards, and recommendations to improve detection and response.
• Collaborate with L1 analysts, IT, network, and security teams, and support compliance and audit requirements.

Required profile

• Bachelor’s degree in Cybersecurity, IT, Computer Science or equivalent.
• 3–5 years of experience in a SOC or cybersecurity operations environment.
• Strong analytical, problem‑solving, and communication skills.
• Willingness to work in a 24/7 shift schedule.

Required skills

• Splunk SIEM
• Fortinet SOAR platform
• Symantec EDR
• Vectra AI NDR
• Bluecoat, Palo Alto and Cisco firewalls
• IDS/IPS and proxy technologies
• Network protocols: TCP/IP, DNS, HTTP/S
• Operating systems: Windows, Linux
• Log analysis and correlation
• Threat‑intelligence analysis and MITRE ATT&CK framework