SOC Analyst Tier 2 (L2) – Incident Response & Threat Hunting

About the role

The SOC Analyst Tier 2 (L2) is responsible for deep investigation and analysis of security incidents escalated from Tier 1. You will work on incident response, threat hunting, detection engineering support, and advanced log correlation to protect the organization’s assets.

Key responsibilities

• Investigate escalated security incidents, determine impact, and conduct deep endpoint investigations.
• Perform threat hunting across endpoints and network logs to uncover hidden adversary activity.
• Analyze attacker behavior, persistence mechanisms, and lateral movement techniques.
• Develop, tune, and improve detection use cases, correlation rules, and SIEM/EDR alerts to reduce false positives.
• Support containment, eradication, and recovery activities in collaboration with IT and infrastructure teams.
• Produce detailed incident reports, root‑cause analyses, and regular monthly/quarterly metrics.

Required profile

• Excellent analytical and problem‑solving abilities.
• Strong interpersonal and collaborative skills for working with team members and management.
• Self‑discipline to follow playbooks and meet time‑critical requirements.
• Passion for cybersecurity and a commitment to staying current with threats, tools, and techniques.
• Willingness to learn new security technologies and incident‑response approaches.
• Excellent written and oral communication skills.

Required skills

• Experience with SIEM platforms.
• Experience with Endpoint Detection and Response (EDR) solutions.
• Threat hunting and advanced log analysis.
• Incident response and containment procedures.
• Development and tuning of detection use cases and correlation rules.