Area(s) of responsibility

Key Responsibilities

• Deep-dive into incidents escalated from L1 to confirm true positives.
• Execute containment and remediation actions (e.g., block malicious IPs, isolate endpoints, disable compromised accounts).
• Lead playbook execution, enrichment, and automation of incident workflows.
• Perform Root Cause Analysis (RCA) and escalate complex cases to L3 when necessary.
• Provide remediation guidance to IT/business teams and support incident recovery.
• Tune alerts and detection rules to reduce false positives and improve accuracy.
• Leverage tool-specific expertise on Zscaler, Wiz, CyberArk for incident handling.
• Participate in major incident response (IR) and threat hunting activities.
• Review vulnerability scan results and recommend remediation/mitigation steps.
• Identify SOC workflow/process improvement opportunities and suggest enhancements.
• Maintain detailed documentation and compliance-ready reports.
• Mentor and support the upskilling of L1 SOC Analysts.