Qureos

Security Operation Centre L2

Job Summary

The SOC L2 Analyst is responsible for deeper analysis and incident response. They investigate alerts escalated by L1 analysts, perform root cause analysis, and coordinate containment and remediation efforts. L2 Analysts act as incident handlers and guide L1s on analysis procedures.

Key Responsibilities

  • Investigate and validate escalated incidents from SOC L1.
  • Perform detailed log analysis across multiple systems (firewalls, endpoints, servers).
  • Identify attack patterns, indicators of compromise (IOCs), and determine the scope and impact of attacks.
  • Coordinate with IT and security teams to contain and eradicate threats.
  • Develop and maintain incident response playbooks.
  • Perform threat hunting using EDR/XDR and SIEM tools.
  • Conduct malware analysis and support forensics where needed.
  • Mentor and train SOC L1 Analysts on triage and alert handling.
  • Contribute to improving detection rules and automation.
  • Document incidents thoroughly and prepare post-incident reports.

Skills & Knowledge

  • Strong understanding of network security, firewalls, and intrusion detection systems.
  • Experience with SIEM, EDR/XDR, and threat intelligence tools.
  • Knowledge of the incident response lifecycle and the MITRE ATT&CK framework.
  • Ability to analyze logs from multiple sources and correlate events.
  • Scripting or automation skills (Python, PowerShell) are an advantage.

Education & Certifications

  • Bachelor’s in Cybersecurity, Computer Science, or Information Security.
  • 3 to 5 years of SOC or cybersecurity experience.
  • Preferred certifications:
      • CompTIA CySA+
      • EC-Council Certified SOC Analyst (CSA)
      • Microsoft SC-200
      • GIAC Certified Incident Handler (GCIH)
      • Certified Ethical Hacker (CEH)

Job Type: Full-time

Ability to commute/relocate:

  • Muscat: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

  • What is your current monthly salary?
  • What is your expected monthly salary?
  • What is your notice period?

Education:

  • Bachelor's (Required)

Experience:

  • Security Operation Centre L2: 5 years (Required)
