L2 SOC Analysts

Job Advertisement – L2 SOC Analyst (Level 2)
Location: Qatar
Duration: 3 Years
Salary: Based on merit
Role Summary:
The L2 SOC Analyst serves as the second line of defense, conducting in-depth investigation, analysis, and response to escalated security incidents. This role ensures proper containment, remediation, and detailed reporting of threats.
Key Responsibilities:
Investigate escalated incidents from L1 Analysts.
Perform root cause analysis and recommend corrective actions.
Conduct malware analysis, threat hunting, and log correlation.
Fine-tune SIEM rules and detection use cases to minimize false positives.
Coordinate with IT/security teams for incident containment and remediation.
Mentor and support L1 Analysts with technical expertise.
Prepare detailed incident reports and contribute to incident response planning.
Requirements:
2–4 years of SOC or cybersecurity operations experience.
Strong knowledge of cybersecurity concepts, attack techniques, and mitigation strategies.
Hands-on experience with SIEM, IDS/IPS, firewalls, and EDR tools.
Skilled in log analysis (network, system, application) and threat intelligence usage.
Familiarity with MITRE ATT&CK, NIST, and ISO 27001 frameworks.
Proficiency in scripting (Python/PowerShell) for automation and hunting.
Excellent analytical, communication, and report writing skills.
Advanced Skills Preferred:
Threat hunting and digital forensics (memory, disk, or packet analysis).
Malware reverse engineering and detection engineering.
Experience with SOAR platforms, Wireshark, and YARA/Sigma rules.
Applying threat feeds (VirusTotal, AlienVault OTX, MISP).
Certifications (at least four required):
CEH, OSCP, CySA+, GCIH, ECIH, CASP+, CISSP, Splunk/Microsoft Sentinel, GCFA, GREM, GCTI, or equivalent.

Job Type: Full-time

Application Question(s):

• How many years of experience do you have working in a Security Operations Center (SOC) role?
• Do you have hands-on experience with SIEM platforms (e.g., Microsoft Sentinel, Splunk, QRadar)?
• Which cybersecurity tools and technologies have you worked with? (Please specify)

☐ Endpoint Detection & Response (EDR)

☐ IDS/IPS

☐ Firewalls

☐ Vulnerability Management tools

☐ SOAR platforms

☐ Threat Intelligence feeds

• Are you proficient in log analysis (network, system, application) and correlating events for incident investigations?
• Do you have experience in threat hunting, digital forensics, or malware analysis?
• Do you hold at least four relevant security certifications (e.g., CEH, OSCP, CySA+, GCIH, ECIH, CASP+, CISSP, Splunk/Microsoft Sentinel, GCFA, GREM, GCTI, etc.)?
• Are you skilled in scripting/automation (e.g., Python, PowerShell) for incident response or threat hunting?
• What is your current and expected monthly salary (QAR)? Notice Period?