Investigate and remediate escalated security incidents involving advanced attack techniques.
Perform detailed forensic data collection, root cause analysis, and system restoration.
Provide guidance and mentorship to L1 analysts on investigation techniques, escalation workflows, and threat mitigation strategies.
Conduct knowledge-sharing sessions within the SOC to improve detection capabilities.
Work alongside IT, engineering, and compliance teams to enhance security workflows and response plans.
Develop training materials and process documentation to support cross-functional security initiatives.
Conduct advanced tuning of security detection tools to enhance accuracy and reduce false positives.
Address complex tuning requests escalated from L1 analysts.
Perform in-depth analysis of suspicious activities to uncover and mitigate hidden security threats.
Conduct intermediate-level threat hunting, focusing on host artifacts, domain patterns, and network anomalies.
Develop detection rules and mechanisms to address network and host-based threats.
Utilize and manage SIEM, EDR, XDR, vulnerability scanners, firewalls, and email gateways at an intermediate level.
Create detailed security reports on incidents, emerging threats, and SOC operational performance.
Maintain operational readiness in a 24/7 SOC environment, ensuring effective incident management and response during all shifts.
Act as a point of escalation for complex security events, providing guidance to junior analysts and ensuring smooth SOC operations.
Contribute to continuous improvement efforts, refining SOC workflows and enhancing detection capabilities.
Key Requirements
Strong understanding of security frameworks, attack tactics (MITRE ATT&CK), and defensive security operations.
Proficiency in security monitoring tools (SIEM, EDR, XDR, vulnerability scanners, firewalls, IDS/IPS).
Experience with log analysis, forensic investigation techniques, and security event correlation.
Ability to analyze malicious activity across endpoints, networks, and cloud environments.
Strong problem-solving skills with the ability to investigate and resolve complex security incidents.
Excellent written and verbal communication for effective documentation and reporting.
Ability to work in high-pressure environments, multitask, and adapt to evolving cybersecurity challenges.
Minimum of 5 years of experience in SOC operations, cybersecurity analysis, or incident response.
Bachelor’s degree in Cybersecurity, Computer Science, or related field, OR equivalent hands-on experience.
Security certifications such as CompTIA CASP+, CompTIA PenTest+, eCTHP, BTL2, GCIH, or similar are a plus.