Role Purpose
The SOC Analyst (Tier 2) acts as the escalation point for Tier 1 analysts, performing in-depth investigation, analysis, and incident response. The role involves monitoring, detecting, analyzing, and responding to cybersecurity events across client environments, ensuring timely resolution, and maintaining a secure IT infrastructure.
- Core Responsibilities:
- Act as technical escalation point for Tier 1 analysts.
- Analyze logs for suspicious activity; participate in containment and incident handling.
- Assist Tier 3 in systems breach investigations.
- Work with vulnerability management, open incident tickets, and ensure timely patching.
- Maintain whitelists/blacklists in SIEM (e.g., Azure Sentinel), manage suspicious IPs.
- Track SLAs, document incident responses, update knowledge base articles, share security news within the team
- Experience & Skills:
- 3-5 years in IT infrastructure support + 2-3 years as Tier 2 SOC Analyst or Threat Hunter.
- Advanced knowledge of networks and security technologies; familiar with SIEM tools (QRadar, McAfee ESM, Azure Sentinel).
- Understanding of MITRE ATT&CK framework, ITIL processes, risk management.
- Communication, documentation, customer-focused skills important.
- Qualifications:
- Suitable certifications such as ITIL Foundation, CEH, Azure Sentinel SC-200/AZ-500, CompTIA A+, N+, S+. CEH, CySA+, CASP+ are advantageous.
- Degree or Diploma in Computer Technology.
- Eligible for National Security Clearance
Desired Skills:
- QRadar
- McAfee ESM
- Azure Sentinel