Nawatech

SOC L2

Posted: 4 days ago
mid

Job Description

What You Will Do

  • Monitor and analyze security events using SIEM platforms such as Microsoft Sentinel, Splunk, Wazuh, or Google SecOps.
  • Triage and investigate security alerts to determine their nature, severity, and impact.
  • Perform in-depth analysis of potential security incidents and escalate confirmed threats to the appropriate teams.
  • Coordinate with Tier 1 analysts and incident response teams to ensure effective containment, eradication, and recovery.
  • Maintain detailed documentation of investigations, actions taken, and incident resolution timelines.
  • Refine and enhance SOC playbooks, response workflows, and detection rules.
  • Perform proactive threat hunting using IOCs and behavioral patterns from internal and external threat intelligence.
  • Provide insights and recommendations for system hardening, patching, and configuration improvements.
  • Mentor and support SOC L1 analysts through technical guidance and knowledge sharing.

What You Will Need

  • 3–5 years of experience in cybersecurity operations, threat detection, or IT security.
  • Hands-on experience with at least one SIEM solution (e.g., Sentinel, Splunk, Wazuh, Google SecOps).
  • Proficiency in log analysis across diverse platforms (Windows, Linux, cloud services).
  • Knowledge of common attack vectors, tactics, and techniques (e.g., OWASP Top 10, MITRE ATT&CK).
  • Ability to respond calmly and effectively in high-pressure incident scenarios.

Nice to Have

  • Industry certifications: CompTIA Security+, SC-200, Google Security, or equivalent.
  • Basic scripting ability (Python, PowerShell, Bash) for automation and log parsing.
  • Exposure to cloud security monitoring (Azure Security Center, AWS GuardDuty, GCP SOC).
  • Familiarity with case management and SOAR platforms.

SOC Operational Focus

  • Detection & Analysis: Identify real threats among false positives using contextual analysis and security telemetry.
  • Incident Handling: Drive the incident lifecycle from identification through containment and recovery.
  • Threat Intelligence Integration: Enrich alerts with threat intel to improve detection fidelity.
  • Reporting & Metrics: Contribute to weekly threat trend reports, KPIs, and post-incident summaries.
  • Continuous Improvement: Participate in SOC tuning activities and detection use-case refinement.

Work Schedule

This role operates in two rotational shifts during working days:

  • Morning: 7:00 AM – 4:00 PM
  • Afternoon: 1:00 PM – 10:00 PM
