Qureos


SOC L2 Analyst

Summary of Job Profile:

The SOC L2 Analyst plays a critical role in proactively defending the organization. This individual will apply technical expertise and analytical skills to investigate complex security incidents, identify attack patterns, and implement effective countermeasures. Working daily in our security toolset — Splunk (SIEM), Wazuh (SIEM/XDR), and Bitdefender GravityZone (EDR) — the SOC L2 Analyst serves as the escalation point for Tier 1 analysts and contributes to the continuous improvement of SOC processes and security tooling.

Tools & Technologies Used

  • Splunk — Primary SIEM platform for log ingestion, correlation, SPL-based querying, alert management, and dashboard creation
  • Wazuh — Open-source SIEM/XDR platform for endpoint telemetry, rule tuning, decoder customization, active response, and vulnerability detection
  • Bitdefender GravityZone — Endpoint Detection & Response (EDR) platform for endpoint alert triage, threat containment, policy management, and malware remediation
  • IDS/IPS, Firewalls, Web Proxies — Supporting security tools for network-level threat detection and traffic analysis

Essential Duties & Responsibilities

  • Monitor security events and alerts generated by Splunk, Wazuh, Bitdefender GravityZone, and other security tools; escalate complex or high-severity incidents as necessary
  • Conduct in-depth analysis of security incidents to determine root cause, scope, and impact
  • Perform threat hunting activities using Splunk SPL queries and Wazuh detection rules to proactively identify potential security threats that may evade automated detection
  • Investigate and respond to endpoint alerts in Bitdefender GravityZone, including isolating affected endpoints, blocking malicious processes, and initiating remediation workflows
  • Implement containment and remediation strategies for security incidents, including isolating affected systems, blocking malicious traffic, and removing malware
  • Analyze malware samples and understand their behavior using available tooling
  • Develop, refine, and tune Splunk correlation rules, Wazuh detection rules, and Bitdefender GravityZone policies to improve detection accuracy and reduce false positives
  • Develop and refine security incident response procedures and playbooks
  • Collaborate with Tier 1 analysts, providing guidance and support in incident analysis and handling
  • Escalate incidents to Tier 3 analysts or other relevant teams (e.g., IR, Engineering) when necessary
  • Document all incident analysis, containment, and remediation activities in detail within the ticketing system
  • Stay up-to-date on the latest cyber threats, attack techniques, and security vulnerabilities
  • Participate in post-incident reviews to identify lessons learned and improve incident response processes
  • Assist in the development and delivery of security awareness training materials

Requirements — Knowledge, Skills & Abilities

  • Strong understanding of TCP/IP and other networking protocols
  • In-depth knowledge of common cyber threats, attack vectors, and malware types
  • Hands-on familiarity with Splunk (SIEM) — log management, SPL querying, dashboards, and alert creation
  • Hands-on familiarity with Wazuh — architecture, rule/decoder customization, active response, and vulnerability management
  • Hands-on familiarity with Bitdefender GravityZone — endpoint alert triage, policy configuration, and incident response workflows
  • Understanding of operating system security (Windows, Linux)
  • Knowledge of security event analysis and correlation techniques
  • Knowledge of incident response processes and methodologies
  • Awareness of relevant security regulations and compliance standards
  • Understanding of threat intelligence sources and their application

Education, Experience & Certifications

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 1–3 years of experience in a Security Operations Center (SOC) environment, with demonstrable experience in incident analysis and response
  • Splunk Core Certified User or Splunk Core Certified Power User — required (given Splunk is the primary SIEM)
  • Wazuh certification or demonstrable hands-on Wazuh experience — highly desirable
  • CompTIA CySA+ or Security+, or EC-Council CEH — desirable
  • Bitdefender GravityZone administration experience or certification — desirable

Job Type: Full-time

Application Question(s):

  • Do you have hands-on experience with any SIEM platform (e.g., Splunk, Wazuh, or similar)?
  • Briefly describe a security incident you personally investigated. What was your role, and what steps did you take to contain and resolve it?
  • How do you stay current with new cyber threats and attack techniques?

Education:

  • Bachelor's (Preferred)

Experience:

  • SOC: 2 years (Required)

Work Location: In person

© 2026 Qureos. All rights reserved.