Senior SOC Analyst L2 - Saudi National - Jeddah, KSA

Position Overview

We are seeking a highly skilled Senior SOC Analyst – Level 2 (L2) to join our Cybersecurity Operations Center (SOC) in Jeddah. The selected candidate will play a critical role in advanced threat detection, in-depth incident investigation, containment, and response activities across enterprise environments.

This position requires strong hands-on operational experience in SOC environments, with proven capability in analyzing complex security events, leading incident response activities, tuning detection use cases, and mentoring junior analysts (L1).

________________________________________

Key Responsibilities

1. Advanced Threat Monitoring & Analysis

  • Perform in-depth analysis of security alerts escalated from L1 analysts.
  • Investigate complex incidents using SIEM, EDR, NDR, and other security tools.
  • Validate and classify security events to eliminate false positives.
  • Conduct log correlation and behavioral analysis across multiple data sources.
  • Identify Indicators of Compromise (IOCs) and map them to the MITRE ATT&CK framework.

2. Incident Response & Containment

  • Lead incident triage, containment, eradication, and recovery efforts.
  • Coordinate with IT, network, cloud, and system teams during active incidents.
  • Perform root cause analysis and recommend corrective security controls.
  • Develop and update Incident Response playbooks and runbooks.
  • Support digital evidence preservation and forensic readiness.

3. SIEM & Detection Engineering Support

  • Create and tune correlation rules and detection use cases in Splunk Enterprise Security, IBM QRadar, or equivalent SIEM platforms.
  • Enhance alert logic to reduce false positives and improve detection accuracy.
  • Develop advanced queries (e.g., SPL, AQL, KQL) for threat hunting.
  • Ensure log sources are properly normalized and mapped to data models.

4. Threat Hunting & Proactive Defense

  • Conduct proactive threat hunting using EDR, SIEM, and threat intelligence feeds.
  • Investigate suspicious anomalies and lateral movement indicators.
  • Integrate threat intelligence into detection logic.
  • Participate in purple team exercises and attack simulations.

5. Endpoint & Network Security Operations

  • Perform deep investigations using EDR solutions such as Microsoft Defender for Endpoint, CrowdStrike Falcon, or equivalent.
  • Analyze firewall, proxy, VPN, and IDS/IPS logs (e.g., Palo Alto, Fortinet, Cisco).
  • Monitor and investigate suspicious email threats (phishing, malware, BEC).

6. Escalation & Reporting

  • Prepare detailed incident reports with technical findings and executive summaries.
  • Escalate high-severity incidents to SOC Manager and CISO when required.
  • Provide weekly and monthly security incident metrics.
  • Support compliance and audit reporting requirements (SAMA CSF, NCA ECC, ISO 27001, PCI DSS).

On-Call Support

  • Participate in 24x7 on-call rotation for critical incident handling.
  • Respond to high-severity incidents outside business hours when required.

Requirements

Candidates must demonstrate proven hands-on experience in:

  • Minimum 5–7 years of experience in SOC operations.
  • At least 3 years in an L2 role or equivalent advanced SOC position.
  • Hands-on experience with enterprise SIEM platforms (Splunk, QRadar, ArcSight, Sentinel).
  • Advanced log analysis and event correlation.
  • Incident response lifecycle management.
  • EDR investigation and containment.
  • Malware analysis fundamentals (hash analysis, sandboxing, behavior analysis).
  • Network traffic analysis (PCAP, NetFlow, TCP/IP fundamentals).
  • Strong understanding of Windows/Linux security events.
  • Experience working in regulated environments (Banking, Government, Critical Infrastructure preferred).
  • Familiarity with cloud security monitoring (Azure/AWS logs preferred).

Preferred Technical Knowledge

  • MITRE ATT&CK framework mapping.
