Role Summary
An L2 Security Analyst handles advanced investigation and response for cybersecurity incidents escalated from the L1 team. The role focuses on conducting in-depth technical analysis, identifying root causes, performing threat hunting, and supporting containment and remediation. The analyst works closely with SOC teams, threat intelligence, and other stakeholders to strengthen detection capabilities and improve the organization's overall security posture.
Responsibilities
- Perform in-depth analysis of security incidents escalated from the L1 team to determine severity, impact, and root cause.
- Proactively search for indicators of compromise and emerging threats within the network and systems.
- Assist in containment, mitigation, and eradication of security incidents, collaborating with SOC, IR, and other teams.
- Enhance security monitoring tools by creating and refining SIEM correlation rules, alerts, and playbooks.
- Maintain detailed incident records, including timelines, analysis, and recommendations for future prevention.
- Provide feedback and training to L1 analysts to improve their detection and response capabilities.
Requirements
- Education & Experience: Bachelor's degree in Cybersecurity, IT, or a related field with 2-5 years of cybersecurity experience, preferably in a SOC or incident response environment. Prior L1 analyst experience is highly preferred.
- Certifications: Relevant certifications such as CompTIA Security+, GIAC GSEC/GCIH, or CEH are advantageous.
- Technical Skills: Strong hands-on knowledge of SIEM (e.g., Splunk, QRadar), IDS/IPS, EDR, and the ability to analyze logs, network traffic, and security alerts to detect threats.
- Security Knowledge: Good understanding of attack techniques, vulnerabilities, network protocols, operating systems (Windows/Linux), and cloud environments.
- Additional Skills: Experience with scripting or automation (Python, PowerShell) is a plus.
- Soft Skills: Strong analytical thinking, problem-solving, communication, and the ability to work effectively under pressure in fast-paced environments.
- Other Requirements: Willingness to work shift schedules, maintain confidentiality, stay updated on evolving threats, and meet background or work eligibility requirements.