Qureos

Security Operations Center Analyst

SOC Analyst – Level 2 (Tier 2 / Incident Responder)


We are hiring a SOC Analyst – Level 2 to lead in-depth investigations, incident response, and threat containment activities. This role handles escalated alerts, performs advanced forensic analysis, and drives remediation efforts. The ideal candidate has strong technical expertise and hands-on experience managing complex security incidents.


Location: Karachi, Lahore, Multan, Faisalabad and Islamabad


Responsibilities


  • Lead investigation of escalated incidents from L1 analysts.
  • Perform root cause analysis and reconstruct attack chains.
  • Conduct endpoint, network, and cloud-level investigations.
  • Execute containment and remediation actions (endpoint isolation, account disablement, IOC blocking).
  • Develop and optimize detection queries (KQL preferred).
  • Tune SIEM/XDR rules to improve detection and reduce false positives.
  • Handle advanced incidents (ransomware, lateral movement, credential compromise, data exfiltration).
  • Prepare detailed incident reports and executive summaries.
  • Support threat hunting initiatives and mentor L1 analysts.


Requirements


  • 4–6 years of experience in SOC or Incident Response.
  • Strong understanding of Windows, Active Directory, network security, and endpoint security.
  • Knowledge of cloud security fundamentals (Azure/AWS).
  • Hands-on experience with SIEM/XDR platforms.
  • Experience writing detection queries (KQL preferred).
  • Solid understanding of the incident response lifecycle and attacker techniques.
  • Relevant certifications (SC-200, AZ-500, GCIH, GCIA) are preferred.
