SOC L2 Analyst (3 to 6 Years Experience)
Overview
As a SOC L2 Analyst, you will play a crucial role in the Security Operations Center by handling complex security incidents, conducting deep-dive investigations, and mentoring L1 analysts. You will leverage advanced security tools and technologies to detect, analyze, and respond to sophisticated cyber threats.
Key Responsibilities
1. Advanced Incident Response
- Investigate and respond to escalated security incidents from L1 analysts
- Perform in-depth analysis and correlation of security events to identify root cause and impact
- Develop and implement mitigation strategies to contain and remediate incidents
2. Threat Hunting and Analysis
- Conduct proactive threat hunting using tools such as Splunk, CrowdStrike, ExtraHop, Proofpoint, etc.
- Analyze threat intelligence to identify potential risks to the organization
3. Endpoint and Network Security
- Utilize Cisco AMP and CrowdStrike for advanced endpoint protection and threat analysis
- Monitor and analyze network traffic using ExtraHop to detect anomalies and intrusions
4. Log Management and SIEM
- Perform detailed log analysis and correlation using Splunk, CrowdStrike, Proofpoint
- Suggest and implement improvements to SIEM rules and alerts to enhance detection capabilities
5. Cloud Security
- Use CASB solutions to monitor and secure cloud services and applications
6. Collaboration and Escalation
- Collaborate with cross-functional teams to coordinate response efforts
- Escalate incidents to L3 analysts or specialized teams as needed
7. Documentation and Reporting
- Document incident findings, actions taken, and lessons learned in JIRA and ServiceNow
- Prepare detailed incident reports and briefings for management and stakeholders
8. Mentoring and Training
- Provide guidance and mentorship to L1 analysts
- Conduct training sessions and workshops on advanced security tools and topics
9. Continuous Improvement
- Stay updated with the latest cybersecurity threats, trends, and technologies
- Contribute to refining SOC processes and developing playbooks
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
- 3 to 6 years of experience in a SOC or similar security role
- Proficiency with tools such as Splunk, CrowdStrike, Proofpoint, ServiceNow, and JIRA
- Strong understanding of network and endpoint security principles
- Experience with incident response, threat hunting, and log analysis
- Excellent analytical, problem-solving, and communication skills
- Ability to work under pressure and manage multiple tasks simultaneously
Preferred Certifications
- Certified Ethical Hacker (CEH)
- GIAC Certified Incident Handler (GCIH)
- Other relevant cybersecurity certifications
Working Conditions
- This role requires working in shifts to provide 24/7 security monitoring