Security Analyst Level 2

Posted:
6/4/2025, 5:00:00 PM

Experience Level(s):
Junior ⋅ Mid Level

Field(s):
IT & Security

Ensign is hiring!

Key Responsibilities: 

  • Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients. 

  • Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools. 

  • Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors. 

  • Execute containment, eradication, and recovery procedures using predefined runbooks and playbooks. 

  • Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents. 

  • Provide technical guidance, support, and mentoring to Tier 1 analysts. 

  • Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts. 

  • Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence. 

  • Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks. 

  • Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes. 

  • Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks. 

  • Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards. 

  • Participate in client-specific onboarding activities and ensure monitoring tools are correctly configured. 

  • Join incident review meetings and provide root cause analysis and post-incident reporting when required. 

  • Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks. 

  • Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements. 
Requirements: 

Education & Experience: 

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field—or equivalent work experience. 

  • 2–4 years of experience in a Security Operations Center or similar cybersecurity environment. 

  • Experience working in an MSSP or multi-tenant environment is highly desirable. 

Technical Skills: 

  • Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar). 

  • Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender). 

  • Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR). 

  • Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux). 

  • Knowledge of malware behaviors, phishing techniques, and MITRE ATT&CK framework. 

  • Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus. 

  • Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive). 

Certifications (preferred): 

  • CompTIA Security+, CySA+, or equivalent. 

  • GIAC certifications (e.g., GCIH, GCIA, GCFA). 

  • CEH, or vendor-specific certifications (e.g., Microsoft SC-200, CrowdStrike CCFR). 
Key Competencies: 

  • Strong analytical and problem-solving skills. 

  • Excellent written and verbal communication—especially in client-facing documentation and briefings. 

  • Ability to handle multiple investigations and prioritize effectively under pressure. 

  • Customer-centric mindset with attention to SLA adherence and service quality. 

  • Collaborative, team-oriented, and proactive with continuous learning attitude. 
Shift Expectations: 

  • Participation in shift rotations (24/7 support model, if applicable), including weekends and public holidays. 

  • On-call support may be required depending on client SLAs and incident severity. 

Ensign Infosecurity Pte. Ltd

Website: https://ensigninfosecurity.com/

Headquarter Location: Singapore, Central Region, Singapore

Employee Count: 501-1000

Year Founded: 2018

IPO Status: Private

Industries: Cloud Security ⋅ Consulting ⋅ Cyber Security ⋅ Identity Management ⋅ Information and Communications Technology (ICT) ⋅ Information Technology ⋅ Internet ⋅ Network Security ⋅ Penetration Testing ⋅ Professional Services