Job Description:
SOC Incident Response + Threat Intelligence / Threat Hunting (L2)
Position Title
L2 Security Analyst SOC Incident Response, Threat Intelligence & Threat Hunting
Experience
4 to 6 years in Cyber Security Operations, Incident Response, Threat Intelligence, and Threat Hunting
Location
Flexible / Hybrid / Onsite
Role Summary
We are looking for an experienced L2 SOC Security Analyst with strong expertise in Incident Response (IR), Threat Intelligence (TI), and proactive Threat Hunting. The candidate will act as a senior escalation point for high-severity security incidents, conduct advanced investigations, develop threat hunting hypotheses, and provide actionable intelligence to improve the organization's overall security posture.
The role requires hands-on expertise across SIEM, EDR/XDR, network security monitoring, malware analysis, threat intelligence platforms, and cloud security monitoring.
Key Responsibilities
Incident Response & Security Operations
- Lead investigation and response activities for complex security incidents including:
  - Ransomware
  - Advanced Persistent Threats (APT)
  - Insider threats
  - Credential compromise
  - Web application attacks
  - Cloud security incidents
  - Data exfiltration
  - Lateral movement
  - Privilege escalation
- Perform advanced triage and root cause analysis using:
  - SIEM
  - EDR/XDR
  - Network telemetry
  - Threat intelligence feeds
  - Cloud logs
  - Endpoint forensics
- Handle L2 escalations from L1 SOC analysts.
- Conduct incident containment, eradication, and recovery coordination.
- Develop and improve:
  - Incident response playbooks
  - Detection use cases
  - Correlation rules
  - SOC runbooks
  - Automation workflows
- Coordinate with infrastructure, cloud, application, and business teams during major incidents.
- Prepare executive and technical incident reports with actionable recommendations.
Threat Intelligence Responsibilities
- Monitor and analyze cyber threat intelligence from:
  - Commercial TI platforms
  - Open-source intelligence (OSINT)
  - Government/CERT advisories
  - Dark web monitoring
  - Vendor threat reports
- Enrich alerts with Indicators of Compromise (IOCs), TTPs, malware intelligence, and adversary attribution.
- Map adversary activities to:
  - MITRE ATT&CK
  - Cyber Kill Chain
  - Diamond Model
- Analyze emerging threats, zero-days, ransomware campaigns, and targeted attack trends.
- Provide strategic and operational threat advisories to SOC and leadership teams.
- Create threat intelligence reports, executive summaries, and threat landscape assessments.
Threat Hunting Responsibilities
- Conduct proactive threat hunting using hypothesis-driven methodologies.
- Hunt for:
  - Persistence mechanisms
  - Beaconing activity
  - Credential dumping
  - Living-off-the-land binaries (LOLBins)
  - Command & Control (C2)
  - Suspicious PowerShell activity
  - Lateral movement
  - Cloud anomalies
- Use telemetry from:
  - SIEM
  - EDR/XDR
  - DNS
  - Proxy
  - Firewall
  - Identity systems
  - Cloud platforms
- Develop custom queries and analytics for detecting stealthy attacker behavior.
- Identify detection gaps and recommend logging improvements.
- Convert hunt findings into production-grade detection use cases.
Required Technical Skills
SIEM & Security Monitoring
Strong hands-on experience with one or more:
- IBM QRadar
- Microsoft Sentinel
- Splunk Enterprise Security
- ArcSight
- LogRhythm
EDR/XDR Technologies
Experience with:
- CrowdStrike Falcon
- Microsoft Defender for Endpoint
- SentinelOne
- Palo Alto Cortex XDR
Threat Intelligence Platforms
Experience with:
- Recorded Future
- Anomali ThreatStream
- MISP
- ThreatConnect
Cloud & Infrastructure Security
Knowledge of:
- Amazon Web Services security monitoring
- Microsoft Azure security services
- Google Cloud Platform logging and detections
- Identity security and IAM monitoring
- Container/Kubernetes security basics
Investigation & Analysis Skills
- Malware triage and behavioral analysis
- Windows/Linux forensic analysis
- Memory and disk artifact analysis
- Packet analysis using Wireshark
- Threat actor TTP analysis
- IOC enrichment and validation
Scripting & Automation
Good knowledge of:
- Python
- PowerShell
- KQL
- SPL
- Regex
- API integrations
- SOAR automation
Desired Certifications
Preferred certifications include:
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Threat Intelligence Analyst (CTIA)
- EC-Council Certified Ethical Hacker (CEH)
- ISC2 CISSP
- Security vendor certifications
Key Competencies
- Strong analytical and investigative mindset
- Excellent communication and stakeholder management
- Ability to work during high-pressure incidents
- Deep understanding of attacker methodologies
- Strong documentation and reporting capability
- Mentoring and guidance for junior analysts
- Ability to independently lead investigations
Preferred Exposure
- MDR/MSSP environment
- Healthcare / BFSI / Critical infrastructure domains
- Threat hunting frameworks
- Purple team exercises
- MITRE ATT&CK-based detection engineering
- SOAR platforms and automation
- Cloud-native SOC operations
Typical Deliverables
- Incident investigation reports / RCA
- Threat intelligence advisories
- Hunting reports and findings
- Detection use cases
- IOC/TTP repositories / MITRE
- Executive risk summaries
- Threat landscape assessments
- SOC maturity improvement recommendations
- Presentation skills
- Communication skills