Job Description
The Security Analyst L2 plays a critical role within the Security Operations Center (SOC) as a second-level responder, responsible for managing escalated cybersecurity events and incidents. This position focuses on advanced threat detection, incident triage, and comprehensive incident response, ensuring the organization's digital infrastructure remains secure and resilient against evolving threats.
The L2 Analyst leads the incident response lifecycle, including identification, containment, eradication, recovery, and post-incident review. The role requires hands-on experience with Extended Detection and Response (XDR) platforms and Security Orchestration, Automation, and Response (SOAR) tools to automate investigation workflows, enrich alerts, and streamline response actions.
Technical responsibilities also include developing and maintaining automation scripts and playbooks using Python, Bash, or PowerShell to improve detection capabilities and operational efficiency. The analyst will work across a broad range of enterprise security tools and platforms, including but not limited to Data Loss Prevention (DLP), Governance, Risk and Compliance (GRC) tools, Cloud Security Platforms (CloudSec), and Database Activity Monitoring (DAM).
Success in this role requires strong analytical thinking, a deep understanding of security technologies and operations, and effective collaboration with internal teams and external stakeholders during security investigations and escalations.
- Duties and Responsibilities
  - Responsibility Area 1: Security Monitoring & Incident Response
    - Handle alerts and incidents on XDR and SIEM platforms with timely triage and in-depth analysis.
    - Proactively investigate suspicious activities and perform root cause analysis.
    - Execute defined response actions (e.g., isolate host, disable accounts, block IPs) as per incident response playbooks.
    - Guide the L1 team in alert triage and assist with escalations and resolution.
    - Escalate complex incidents to L3/SMEs for further investigation and threat containment.
    - Maintain detailed logs of actions, findings, and resolutions on XDR and ITSM platforms.
    - Participate in daily stand-ups and review meetings to ensure status tracking of alerts/incidents.
    - Ensure incidents are closed in coordination with internal tech teams and customer stakeholders.
    - Contribute to the development and maintenance of incident response SOPs and automation playbooks.
  - Responsibility Area 2: Platform, Toolset & Use Case Management
    - Support and maintain security technologies: DLP, GRC, Cloud Security tools, DAM, XDR, SOAR, and SIEM platforms.
    - Work on log source onboarding, parser tuning, and normalization to ensure complete and accurate data ingestion.
    - Assist in the development, testing, and refinement of detection use cases based on evolving threats.
    - Perform platform hygiene activities, agent deployment follow-ups, and tool health checks.
    - Implement automation via SOAR platforms using scripting (Python, Bash, PowerShell) to improve incident response efficiency.
    - Evaluate security tool performance and suggest enhancements or replacements where needed.
  - Responsibility Area 3: Governance, Compliance & Advanced Threat Management
    - Define and enforce monitoring and response procedures aligned with RBI, CERT-In, and internal compliance frameworks.
    - Ensure incident reporting is accurate and meets regulatory timeframes and log retention policies.
    - Participate in Red Team / Purple Team exercises to evaluate and strengthen detection capabilities.
    - Track key SOC KPIs and generate dashboards and reports for senior stakeholders.
    - Contribute to threat intelligence programs and integrate relevant IOCs and TTPs into detection logic.
    - Support audits, compliance checks, and risk review meetings such as the ROC (Risk Operations Committee).
- Qualifications and Work Experience
  - Educational Qualifications
    - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
    - Relevant certifications (preferred but not mandatory):
      - CySA+
      - EC-Council Certified SOC Analyst (CSA)
      - Any SIEM, SOAR, or similar security certifications.
  - Work Experience
    - 5-8 years of experience working in a Security Operations Center (SOC) environment.
    - Proven track record in incident detection, response, and threat analysis.
    - Experience handling XDR/SIEM alerts, conducting root cause investigations, and performing incident triage and escalation.
    - Hands-on experience in log source onboarding, use case development, and platform integration across enterprise security tools.
    - Familiarity with regulatory compliance frameworks (e.g., PCI-DSS, HIPAA, RBI, CERT-In, ISO 27001).
    - Experience in a rotational shift work environment.
- Essential Skills
  - Technical Skills
    - Security Platforms:
      - Strong hands-on expertise with SIEM (e.g., Splunk, QRadar, Microsoft Sentinel).
      - Experience with EDR/XDR solutions (e.g., CrowdStrike, Microsoft Defender, Trend Micro, SentinelOne).
      - Practical knowledge of SOAR tools and playbook automation.
    - Cybersecurity Tools:
      - Working knowledge of Data Loss Prevention (DLP) tools and Governance, Risk and Compliance (GRC) platforms.
      - Experience with Cloud Security tools and configurations (AWS/Azure/GCP security tools).
      - Familiarity with Database Activity Monitoring (DAM) solutions.
    - Scripting & Automation:
      - Proficient in scripting languages such as Python, Bash, or PowerShell to automate tasks and develop SOAR playbooks.
    - Threat Intelligence & Detection:
      - Understanding of MITRE ATT&CK, threat modelling, and IOC/TTP-based detection.
      - Experience in threat hunting, forensics, and use case development.
    - Compliance & Reporting:
      - Knowledge of RBI/CERT-In incident reporting guidelines, data retention requirements, and regulatory standards.
      - Knowledge of security compliance standards such as PCI-DSS, HIPAA, and NIST.
      - Experience in creating SOPs, audit documentation, and compliance dashboards.
  - Analytical and Problem-Solving Skills
    - Analyze and correlate security events across multiple platforms (SIEM, XDR, EDR, firewall, cloud, etc.).
    - Identify and investigate anomalies or suspicious behavior using log and alert data.
    - Perform root cause analysis to determine the origin and impact of security incidents.
    - Prioritize incidents based on severity, risk, and business impact.
    - Develop and refine detection rules and use cases based on threat patterns.
    - Troubleshoot issues related to log ingestion, detection rules, and agent health.
    - Apply structured forensic investigation techniques to endpoint and network data.
    - Automate repetitive tasks using scripting or SOAR playbooks to improve response times.
    - Make timely decisions under pressure during high-severity incidents.
    - Continuously evaluate and improve SOC processes, detection logic, and response playbooks.
  - Communication Skills
    - Clearly document incident details, analysis steps, and resolution actions in ITSM and XDR platforms.
    - Verbal communication skills for effective collaboration with L3 analysts and IT support teams.
    - Collaborate with internal IT, infrastructure, and application teams during incident handling and investigations.
    - Participate in daily stand-ups and incident review meetings, providing actionable insights.
    - Maintain a professional and composed communication style, especially under pressure or during high-severity incidents.
  - Organizational and Interpersonal Skills
    - Strong time management and ability to meet SLAs.
    - Ability to work in a 24x7 rotational shift environment.
    - Willingness to learn and adapt to evolving security threats and tools.
    - Manage and prioritize multiple incidents, investigations, and operational tasks in a high-pressure environment.
    - Maintain accurate documentation and logs for all incidents, actions taken, and communications.
    - Collaborate effectively with cross-functional teams including IT, network, cloud, and compliance.
    - Coordinate with external stakeholders, vendors, and clients during security investigations or platform issues.
    - Support smooth handoffs during shift transitions through clear and structured communication.
    - Foster strong working relationships with peers, management, and customer teams to support collaborative incident resolution.