Qureos


SOC Analyst L2_SAUDI

We are seeking a SOC Analyst Level 2 (L2) to join a dynamic cybersecurity operations team responsible for protecting critical IT environments.

The SOC Analyst L2 will play a key role in investigating security alerts, responding to incidents, and strengthening detection capabilities. This role acts as the escalation point for Level 1 analysts and contributes to the continuous improvement of security monitoring and incident response processes.

The ideal candidate has hands-on experience with SIEM platforms, threat detection, incident response, and security monitoring tools in a Security Operations Center environment.


Key Responsibilities

  • Investigate and analyze security alerts escalated from SOC L1 analysts.
  • Perform in-depth threat analysis and incident investigation using SIEM and security monitoring tools.
  • Lead incident response activities, including containment, eradication, and recovery.
  • Monitor and analyze logs, network traffic, and endpoint activity to detect suspicious behavior.
  • Conduct root cause analysis and recommend remediation actions.
  • Develop and enhance SIEM detection rules, correlation use cases, and SOC playbooks.
  • Perform proactive threat hunting to identify potential threats within the environment.
  • Collaborate with internal teams to ensure timely resolution of security incidents.
  • Maintain proper documentation of incidents and investigations within the case management system.
  • Provide technical guidance and mentoring to SOC L1 analysts.


Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field.
  • 3–5+ years of experience working in a Security Operations Center or cybersecurity operations role.
  • Strong hands-on experience with SIEM platforms (Splunk, QRadar, Sentinel, ArcSight, or similar).
  • Experience with incident response and security incident investigation.
  • Knowledge of network security, endpoint security, and attack techniques.
  • Familiarity with the MITRE ATT&CK framework and threat intelligence analysis.
  • Experience analyzing logs from EDR, IDS/IPS, firewalls, and cloud security tools.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Ability to work in a fast-paced security operations environment.
  • Relevant certifications are a plus (Security+, CEH, GCIH, GCIA, CISSP).
