L2/L2.5 Security Operations Center

23 hours ago


Chennai, India TOCUMULUS Full time

Position Overview

We are seeking a skilled and detail-oriented L2/L2.5 Security Operations Center (SOC) Analyst to join our Security Operations team. This role sits at the critical intersection of threat detection, incident investigation, and escalation management. The successful candidate will be responsible for identifying, investigating, and responding to security threats while mentoring L1 analysts and collaborating with senior security teams.

Position Type: Full-time
Location: (On-site / Hybrid / Remote)
Experience Level: 8 years in cybersecurity/SOC operations.

Key Responsibilities

Tier 2 Incident Analysis & Investigation (45%)

Alert Triage & Investigation:
· Analyze and investigate alerts/incidents escalated from L1 analysts
· Determine incident severity, scope, and impact on business operations
· Conduct root cause analysis for security events and anomalies
· Perform deep-dive forensic analysis on suspicious activities
· Create detailed incident investigation reports with findings and recommendations

Threat Assessment:
· Classify and categorize threats (malware, ransomware, APT, credential theft, data exfiltration, etc.)
· Evaluate threat credibility and validate true positives vs. false positives
· Assess threat actor capabilities, tactics, techniques, and procedures (TTPs)
· Determine data exposure and potential impact on the organization

Incident Containment & Response:
· Execute immediate containment measures to prevent threat propagation
· Isolate affected systems from the network when necessary
· Coordinate with IT Operations for system remediation and recovery
· Recommend and implement mitigation strategies
· Participate in incident response playbook execution

SIEM & Security Tool Management (25%)

SIEM Platform Operations:
· Monitor and manage the SIEM (Security Information and Event Management) platform
· Create, modify, and optimize detection rules and correlation searches
· Develop custom dashboards and reports for security monitoring
· Tune alert thresholds to reduce false positives while maintaining detection sensitivity
· Maintain SIEM data integrity and log ingestion from all security sources

Security Tool Administration:
· Manage and maintain EDR (Endpoint Detection & Response) solutions
· Monitor firewall logs, IDS/IPS alerts, and network anomalies
· Review and escalate VPN access anomalies and unusual traffic patterns
· Manage DLP (Data Loss Prevention) incidents and policy violations
· Monitor and respond to vulnerability scanner findings and exploit attempts

Log Analysis & Threat Hunting:
· Perform manual log analysis to identify suspicious patterns and anomalies
· Conduct proactive threat hunting campaigns based on threat intelligence
· Search for indicators of compromise (IOCs) across infrastructure
· Analyze logs from Windows/Linux systems, applications, and network devices
· Create hunt packages and queries for recurring threat patterns

Escalation & Ticket Management (15%)

Alert Routing & Escalation:
· Escalate incidents to L3 analysts and specialized teams (incident response, forensics, threat intelligence)
· Determine the appropriate escalation path based on incident severity and type
· Provide clear handoff documentation to specialized teams
· Monitor ticket status through resolution
· Perform quality assurance on closed tickets

Ticket Management:
· Document all investigations in the ticketing system with comprehensive notes
· Maintain incident timeline and evidence chain of custody
· Update incident status and metrics tracking
· Meet SLA requirements for investigation and escalation (typically 4-8 hours for critical incidents)
· Generate metrics reports for team and management review

L1 Analyst Support & Mentoring (10%)

Knowledge


