As a Level 2 Security Analyst in a Managed Security Service Provider (MSSP)
environment, you will serve as an advanced escalation point for Tier 1 analysts, handling complex alerts and security incidents across multiple client environments. Your primary responsibility is to investigate threats in-depth, guide incident response eforts, enhance detection capabilities, and ensure clients are protected with timely and accurate
responses. This role demands strong technical, analytical, and communication skills to succeed in a fast-paced, multi-tenant SOC. The role will also be on shift hours.
Key Responsibilities:
- Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
- Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
- Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
- Execute containment, eradication, and recovery procedures using predefine runbooks and playbooks.
- Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
- Provide technical guidance, support, and mentoring to Tier 1 analysts.
- Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
- Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
- Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
- Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
- Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
- Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
- Participate in client-specific onboarding activities and ensure monitoring tools are correctly confgured.
- Join incident review meetings and provide root cause analysis and post-incident reporting when required.
- Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
- Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.
Requirements:
Education & Experience:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or
related field—or equivalent work experience.
- 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
- Experience working in an MSSP or multi-tenant environment is highly desirable.
Technical Skills:
- Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
- Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
- Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
- Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux)
- Knowledge of malware behaviors, phishing techniques, and MITRE ATT&CK framework.
- Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
- Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).
Certifications (preferred):
- CompTIA Security+, CySA+, or equivalent.
- GIAC certifiations (e.g., GCIH, GCIA, GCFA).
- CEH, or vendor-specifi certifiations (e.g., Microsoft SC-200, CrowdStrike CCFR).
Key Competencies:
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication—especially in client-facing documentation and briefings.
- Ability to handle multiple investigations and prioritize effetively under pressure.
- Customer-centric mindset with attention to SLA adherence and service quality.
- Collaborative, team-oriented, and proactive with continuous learning attitude.
