
Security Operations Center (SOC) Analyst L2

Role Overview

A SOC L2 Analyst is responsible for in-depth investigation, validation, and response to security incidents escalated by SOC L1. The role focuses on threat analysis, root cause identification, and containment of cyberattacks.

Key Job Responsibilities:

  • Perform advanced monitoring, correlation, and triage of security events across SIEM, EDR, SOAR, IDS/IPS, DLP, CASB, Firewall, and Proxy tools to detect and investigate sophisticated cyber threats.
  • Lead detailed investigations of escalated incidents from L1 Analysts, ensuring accurate classification, root cause identification, and timely containment, eradication, and recovery actions.
  • Conduct proactive threat hunting using behavioral analytics, hypothesis-based searches, and integrated threat intelligence to identify potential undetected threats.
  • Analyze and correlate logs and telemetry from multiple data sources to identify indicators of compromise and multi-stage attack campaigns.
  • Perform endpoint and network forensic analysis, including memory dumps, process inspection, and packet captures, to detect persistence, lateral movement, or data exfiltration.
  • Develop, optimize, and fine-tune SIEM correlation rules, dashboards, and detection use cases to improve alert accuracy and minimize false positives.
  • Integrate and leverage internal and external threat intelligence feeds to enrich investigations and strengthen detection capabilities aligned with MITRE ATT&CK and adversary TTPs.
  • Collaborate with Threat Intelligence, Incident Response (IR), and DFIR teams to handle complex security cases and ensure effective escalation and resolution within SLA timelines.
  • Support automation initiatives by designing and testing SOAR playbooks and recommending process automation for recurring SOC tasks.
  • Perform periodic use case and rule reviews to ensure coverage against evolving attack techniques and organizational risk priorities, maintaining a detailed Use Case Repository.
  • Monitor and maintain the operational health of SOC tools and log collectors to ensure continuous data ingestion and system performance.
  • Correlate cloud-native security logs with on-premise events for unified threat visibility across hybrid environments.
  • Take complete ownership of the incident lifecycle—from detection to closure—including documentation, remediation coordination, and post-incident review.
  • Mentor and guide SOC L1 Analysts by reviewing escalations, delivering technical training, and sharing knowledge on new attack vectors and detection techniques.
  • Generate and present daily, weekly, and monthly reports covering incident trends, root cause summaries, and SOC performance metrics.
  • Assist in periodic security audits and compliance reviews to ensure processes align with ISO 27001, NIST, or other relevant frameworks.
  • Maintain confidentiality and integrity of all security incident data, logs, and reports in line with organizational and client policies.
  • Continuously enhance SOC processes, documentation, and playbooks to strengthen detection, response, and recovery maturity.
  • Stay current with emerging threats, zero-day vulnerabilities, malware families, and evolving TTPs to proactively enhance detection strategies and SOC capabilities.

Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or related field.
  • Minimum 2+ years of experience in a SOC environment, handling incident triage, investigation, and response.
  • Strong understanding of network security, attack lifecycle, malware behavior, and incident response frameworks (NIST/SANS).
  • Hands-on experience with SIEM, EDR, and SOAR tools such as Log360, Splunk, Sentinel, Cortex XDR, etc.
  • Familiarity with MITRE ATT&CK, Cyber Kill Chain, and threat intelligence analysis.
  • Basic knowledge of scripting (Python, PowerShell, Bash) and network packet analysis (Wireshark).
  • Exposure to cloud security monitoring and vulnerability management.

Certifications:

  • SIEM certification (if any)
  • CompTIA Security+ / CySA+
  • EC-Council CEH / CHFI
  • Microsoft SC-200 or Palo Alto Cortex XDR (added advantage)

Soft Skills:

  • Strong ownership, accountability, and analytical mindset.
  • Excellent communication and reporting abilities.
  • Ability to mentor L1 Analysts and work collaboratively.
  • Adaptable and proactive in learning new tools, threats, and technologies.

Job Type: Full-time

Pay: ₹10,000.00 - ₹20,000.00 per month

Benefits:

  • Work from home

Work Location: Remote

© 2026 Qureos. All rights reserved.