Job Description

As a Level 2 Security Analyst in a Managed Security Service Provider (MSSP) environment, you will serve as an advanced escalation point for Tier 1 analysts, handling complex alerts and security incidents across multiple client environments. Your primary responsibility is to investigate threats in depth, guide incident response efforts, enhance detection capabilities, and ensure clients are protected with timely and accurate responses. This role demands strong technical, analytical, and communication skills to succeed in a fast-paced, multi-tenant SOC. The role will also be on shift hours.

Key Responsibilities:

  • Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
  • Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
  • Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
  • Execute containment, eradication, and recovery procedures using predefined runbooks and playbooks.
  • Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
  • Provide technical guidance, support, and mentoring to Tier 1 analysts.
  • Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
  • Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
  • Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
  • Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
  • Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
  • Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
  • Participate in client-specific onboarding activities and ensure monitoring tools are correctly configured.
  • Join incident review meetings and provide root cause analysis and post-incident reporting when required.
  • Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
  • Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.

Requirements:

Education & Experience:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent work experience.
  • 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
  • Experience working in an MSSP or multi-tenant environment is highly desirable.

Technical Skills:

  • Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
  • Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
  • Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
  • Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux).
  • Knowledge of malware behaviors, phishing techniques, and the MITRE ATT&CK framework.
  • Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
  • Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).

Certifications (preferred):

  • CompTIA Security+, CySA+, or equivalent.
  • GIAC certifications (e.g., GCIH, GCIA, GCFA).
  • CEH, or vendor-specific certifications (e.g., Microsoft SC-200, CrowdStrike CCFR).

Key Competencies:

  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication, especially in client-facing documentation and briefings.
  • Ability to handle multiple investigations and prioritize effectively under pressure.
  • Customer-centric mindset with attention to SLA adherence and service quality.
  • Collaborative, team-oriented, and proactive with a continuous learning attitude.
