Log In
Sign Up
The SOC Level 2 (Tier 2) Analyst is responsible for advanced threat investigation, incident analysis, and response coordination. This role focuses on in-depth analysis of escalated security incidents, identifying root causes, performing containment guidance, and supporting continuous security improvement initiatives.
Key Responsibilities:
• Perform detailed investigation of escalated security incidents from Level 1 analysts
• Analyze endpoint, network, and log data to determine scope and impact of incidents
• Conduct threat hunting activities to identify undetected malicious behavior
• Perform root cause analysis and recommend remediation actions
• Validate and tune detection rules to reduce false positives
• Coordinate with IT and security teams for containment and remediation
• Document investigation findings and produce detailed incident reports
• Assist in developing and improving SOC playbooks and procedures
• Support 24/7 shift operations when required
Required Skills:
• Strong understanding of networking concepts (TCP/IP, DNS, HTTP, SMB.)
• Hands-on experience with SIEM tools (Splunk, Wazuh, QRadar, FortiSIEM)
• Knowledge of endpoint detection tools (EDR/XDR platforms)
• Understanding of attack techniques and MITRE ATT&CK framework
• Ability to analyze logs from firewalls, endpoints, servers, and cloud environments
• Basic scripting knowledge (Python, PowerShell, or Bash)
• Strong analytical and problem-solving skills
• Good written and verbal communication skills
Education & Experience
• Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field
• 2–4 years of experience in SOC, cybersecurity operations, or incident response
• Experience handling real security incidents is preferred
• Mandatory Certification
• Candidates must hold at least one certification in one of the following areas:
• Incident Response
• Digital Forensics
• Threat Hunting
• Malware Analysis
• Preferred certifications may include
• ECTHP,ECDFP
• CHFI,ECIH
• GCIA ,GCIH,GCFA,GCFE
• Blue Team certifications