SOC Officer

The SOC L2 Analyst plays a critical role in the proactive defense of the organization's security posture. This individual will leverage their technical expertise and analytical skills to investigate complex security incidents, identify attack patterns, and implement effective countermeasures. The SOC L2 Analyst serves as an escalation point for Tier 1 analysts and contributes to the continuous improvement of SOC processes and security tools.

Monitor security events and alerts generated by various security tools (e.g., SIEM, IDS/IPS, EDR) and escalate complex or high-severity incidents as necessary. Conduct in-depth analysis of security incidents to determine root cause, scope, and impact. Perform threat hunting activities to proactively identify potential security threats that may evade automated detection. Implement containment and remediation strategies for security incidents, including isolating affected systems, blocking malicious traffic, and removing malware. Analyze malware samples and understand their behavior. Develop and refine security incident response procedures and playbooks. Collaborate with Tier 1 analysts, providing guidance and support in incident analysis and handling. Escalate incidents to Tier 3 analysts or other relevant teams (e.g., IR, Engineering) when necessary. Document all incident analysis, containment, and remediation activities in detail. Contribute to the tuning and optimization of security tools and alerting rules. Stay up-to-date on the latest cyber threats, attack techniques, and security vulnerabilities, potentially considering threat trends. Participate in post-incident reviews to identify lessons learned and improve incident response processes. Assist in the development and delivery of security awareness training materials.

Bachelor's degree in Computer Science, Information Security, or a related field. 1-3 years of experience in a Security Operations Center (SOC) environment, with demonstrable experience in incident analysis and response Relevant security certifications such as CompTIA CySA+, Security+, CEH, or vendor-specific certifications (e.g., Splunk Core Certified User/Power User) are desirable.