Act as the primary point of escalation for Level 1 analysts for complex security events and potential incidents.
Perform in-depth investigation and analysis of security alerts using SIEM, EDR and other security tools.
Lead the response to confirmed security incidents, including containment, eradication, and recovery efforts.
Conduct advanced threat hunting to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that evade traditional detection methods.
Perform detailed analysis of malware and attacker tools.

Team Management & Mentorship

Provide daily guidance, supervision, and technical direction to a team of Level 1 SOC Analysts.
Develop and execute a formal training and mentorship program to develop Level 1 analysts into proficient Level 2 analysts.
Work with the team lead to create and review shift schedules to ensure 24/7 coverage.
Foster a collaborative, knowledge-sharing, and high-performance team culture.
Conduct regular performance reviews and provide constructive feedback.

Process Improvement & Documentation

Develop, refine, and document SOC standard operating procedures (SOPs), playbooks, and runbooks for alert triage and incident response.
Analyze alert trends and false positives to provide feedback for tuning SIEM rules, use cases, and correlation logic.
Assist the SOC Manager in evaluating new security technologies and tools.
Contribute to the creation of detailed incident reports for management and clients.