  • Posted: Dec 9, 2025
    Deadline: Not specified
  • Completely and exclusively focused on cyber security, CyberDome offers a full-service solution portfolio to meet all your security needs: Products, Audits, Integration Services, Managed Services and even Training. CyberDome is proud to be a security-focused, engineer-driven company that has successfully delivered solutions, in a wide variety of industry verti...

    L2 SOC Analyst

    Role Summary

    • The L2 SOC Analyst provides advanced incident investigation, threat analysis, containment actions, and oversight of L1 operations within the Security Operations Centre. The role requires deeper expertise in security monitoring, root-cause analysis, incident response, threat hunting, and use of multiple security tools. The L2 Analyst supports escalated incidents, validates L1 findings, improves detection content, and works closely with the SOC Lead to enhance the organization’s security monitoring posture.

    Key Responsibilities

    Advanced Incident Investigation

    • Handle escalated alerts from L1 and perform in-depth triage and correlation.
    • Analyze attack patterns, lateral movement indicators, persistence mechanisms, and suspicious behaviors.
    • Perform root-cause analysis (RCA) and determine the scope of compromise.
    • Execute approved containment actions (disable account, isolate host, block IOC).

    Threat Hunting & Detection Enhancement

    • Conduct proactive threat hunting using SIEM queries, IOC searches, and behavioral analysis.
    • Enhance detection logic by tuning noisy rules and creating new use cases.
    • Research new exploits, malware, and vulnerabilities and integrate them into SOC processes.

    Incident Response Coordination

    • Lead response activities for medium to high-severity incidents.
    • Collaborate with IT, cloud, and endpoint teams during containment and recovery.
    • Support evidence collection for digital forensics.
    • Prepare incident timelines and investigation summaries.

    SOC Process & L1 Oversight

    • Validate L1 triage quality and provide coaching where necessary.
    • Ensure SOC SOPs, runbooks, and escalation matrices are adhered to.
    • Assist in onboarding new log sources into the SIEM.
    • Improve shift handovers and SOC documentation quality.

    Reporting & Compliance

    • Prepare detailed incident reports (IRs), weekly/monthly SOC reports, and dashboards.
    • Ensure all escalations and actions are recorded in JIRA.
    • Support ISO 27001, NDPR, and audit processes.

    Required Skills & Competencies

    Technical Skills

    • Strong understanding of attack lifecycles and threat actor TTPs.
    • Proficiency with SIEM tools: Securonix, Splunk, Rapid7 InsightIDR.
    • Ability to analyze endpoint, server, cloud, and authentication logs.
    • Experience with EDR platforms (CrowdStrike, Sophos, Microsoft Defender for Endpoint).
    • Strong Windows and Linux internals knowledge.
    • Ability to map findings to the MITRE ATT&CK framework.
    • Familiarity with threat intelligence tools (VirusTotal, AbuseIPDB, ANY.RUN, OTX).

    Soft Skills

    • Strong investigative and analytical skills.
    • Excellent communication and documentation abilities.
    • Ability to mentor and support L1 analysts.
    • High attention to detail.
    • Calm and effective during major security incidents.

    Work Experience

    • 2–4 years SOC, security monitoring, or incident response experience.
    • Experience handling real-world incidents is a strong advantage.

    Key Performance Indicators (KPIs)

    • Accuracy and depth of incident investigations.
    • Reduction of false positives through tuning.
    • SLA compliance for escalated incidents.
    • Quality of threat hunting outputs.
    • Quality of JIRA documentation.
    • Effectiveness in supporting L1 analysts.

    Tools & Technologies Familiarity (Preferred)

    • SIEM: Securonix, Splunk, Rapid7 InsightIDR
    • EDR: CrowdStrike, Sophos, Microsoft Defender for Endpoint
    • Ticketing: JIRA
    • Threat Intelligence: VirusTotal, AbuseIPDB, OTX, ANY.RUN
    • Forensics Tools (Good to Have): FTK Imager, Autopsy, Sysinternals Suite, Wireshark


    Method of Application

    Send Your CV Here: hr@cyberdome.net
