SecurityHQ

Virtual Analyst

2-4 Years
Job Description

We are seeking a sharp, detail-oriented Virtual Analyst (L2) to join our dedicated Threat Management Team. This role is designed for a technical hunter-validator who excels at navigating complex security telemetry to separate signal from noise. As an L2 Virtual Analyst, you will be embedded within the client's environment, serving as the frontline expert for the EDR and Email Security tools, providing remediation as well as BAU operations management for the tickets logged against these tools. Tickets can be security incidents or operational BAU.

Responsibilities

  • Threat Investigation and Remediation: Actively monitor CrowdStrike Falcon and Email Gateway security incidents, gather additional context, and drive threat remediation and management. Apply advanced investigation techniques and support the IR bridge.
  • Incident Analysis & Evidence Collection: Endpoint Analysis: Deconstruct CrowdStrike events by analyzing process trees, file paths, cryptographic hashes, and network connections to build a comprehensive incident narrative. Email Forensics: Review gateway logs and quarantined messages to identify malicious senders, weaponized URLs, and malicious attachments. Non-Intrusive Approach: Conduct thorough investigations and risk summaries without taking direct containment or remediation actions.
  • Alert Enrichment & Escalation: Enrich every validated alert with critical context, including user identity, device posture, IP/domain reputation, and mapping to the MITRE ATT&CK® framework. Compile action-ready escalation packages for L3/client teams, including relevant screenshots, log snippets, and a clear executive summary of the threat.
  • Playbook Adherence & Reporting: Strictly adhere to client-specific runbooks for monitoring and triage to ensure compliance with operational boundaries. Maintain accurate incident records and timelines. Metrics & Trends: Identify and highlight recurring threat patterns or policy gaps to assist the client in long-term security posture improvement.
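The endpoint-analysis and enrichment duties above (process tree, hashes, network connections, reputation, device posture, ATT&CK mapping, escalation package) are shown below in working code. This is an added example, not code from the job posting or from SecurityHQ: the event layout is constructed for illustration and is not CrowdStrike Falcon's real schema, and the IP_REPUTATION, HASH_VERDICT and DEVICE_POSTURE tables are stand-ins for the threat-intelligence and inventory lookups an L2 analyst would actually query. The heuristics deliberately generalize beyond the single Office-to-PowerShell chain in the sample data (any Office parent, any common script host).

```python
"""Incident narrative from EDR-style process telemetry (added example).

Not SecurityHQ's code. The event fields are constructed and are not
CrowdStrike Falcon's actual schema; the lookup tables are hypothetical
stand-ins for TI and device-inventory sources.
"""
import re
from collections import defaultdict

# Constructed sample telemetry: one Outlook -> Word -> PowerShell chain on one host.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1, "host": "WS-042", "user": "jdoe",
     "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE", "sha256": "aa" * 32},
    {"pid": 200, "ppid": 100, "host": "WS-042", "user": "jdoe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": r"WINWORD.EXE /n C:\Users\jdoe\Downloads\invoice.docm", "sha256": "bb" * 32},
    {"pid": 300, "ppid": 200, "host": "WS-042", "user": "jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A", "sha256": "cc" * 32},
]
NETWORK_EVENTS = [{"pid": 300, "remote_ip": "198.51.100.23", "remote_port": 443}]

# Constructed enrichment sources (hypothetical stand-ins for a TI feed and device inventory).
IP_REPUTATION = {"198.51.100.23": "malicious"}
HASH_VERDICT = {"cc" * 32: "signed Microsoft binary (LOLBin)"}
DEVICE_POSTURE = {"WS-042": "sensor online, not isolated, no local admin"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def build_tree(events):
    """Index events by pid and collect child pids per parent for tree walks."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def ancestry(pid, by_pid):
    """Walk parent links from pid up to the root; returns image names, root first."""
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def analyze(events, network):
    """Return ATT&CK-mapped findings derived from the process tree and connections."""
    by_pid, _ = build_tree(events)
    net_by_pid = defaultdict(list)
    for n in network:
        net_by_pid[n["pid"]].append(n)
    findings = []
    for e in events:
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        pname = basename(parent["image"]) if parent else ""
        # Office application spawning a script host: the classic macro execution pattern.
        if pname in OFFICE_APPS and name in SCRIPT_HOSTS:
            findings.append({"pid": e["pid"], "technique": "T1204.002",
                             "name": "User Execution: Malicious File",
                             "evidence": f"{pname} -> {name}"})
            # Macro-enabled document on the parent's command line points at the delivery vector.
            if re.search(r"\.(docm|xlsm|pptm)\b", parent["cmdline"], re.I):
                findings.append({"pid": parent["pid"], "technique": "T1566.001",
                                 "name": "Phishing: Spearphishing Attachment",
                                 "evidence": parent["cmdline"]})
        # Encoded PowerShell command line (-e / -enc / -EncodedCommand).
        if name == "powershell.exe" and re.search(r"(?i)\s-e(nc|ncodedcommand)?\s", e["cmdline"]):
            findings.append({"pid": e["pid"], "technique": "T1059.001",
                             "name": "Command and Scripting Interpreter: PowerShell",
                             "evidence": e["cmdline"]})
        # Outbound connection from this process to an address the TI lookup flags as bad.
        for n in net_by_pid.get(e["pid"], []):
            rep = IP_REPUTATION.get(n["remote_ip"], "unknown")
            if rep == "malicious":
                findings.append({"pid": e["pid"], "technique": "T1071.001",
                                 "name": "Application Layer Protocol: Web Protocols",
                                 "evidence": f"{name} -> {n['remote_ip']}:{n['remote_port']} ({rep})"})
    return findings


def escalation_package(events, network):
    """Plain-text summary for L3/the client: host posture, process chain, hashes, techniques."""
    by_pid, _ = build_tree(events)
    leaf = max(events, key=lambda e: e["pid"])
    lines = [f"Host {leaf['host']} / user {leaf['user']}: {DEVICE_POSTURE.get(leaf['host'], 'posture unknown')}",
             "Process chain: " + " -> ".join(ancestry(leaf["pid"], by_pid))]
    for e in events:
        lines.append(f"  pid {e['pid']} {basename(e['image'])} sha256={e['sha256'][:12]}... "
                     f"verdict={HASH_VERDICT.get(e['sha256'], 'unknown')}")
    for f in analyze(events, network):
        lines.append(f"  {f['technique']} {f['name']}: {f['evidence']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(escalation_package(PROCESS_EVENTS, NETWORK_EVENTS))
```

The point of building the narrative from the tree rather than from the single alerting process is that the delivery vector (the macro document opened from Outlook) and the follow-on C2 connection only become visible once the parent chain and per-pid network events are joined; the escalation text is what the non-intrusive L2 hands on, it does not isolate or kill anything.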

About SHQ

SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We're focused on engineering cybersecurity, by design.

Job Reference Number

IN078

Essential Skills

Technical Skills & Experience:

Expertise: 2–4 years of experience in a SOC or Threat Management environment, specifically at L2 level.

Platform Proficiency: Advanced hands-on experience with CrowdStrike Falcon (EDR) and Enterprise Email Security Gateways (e.g., Proofpoint, Mimecast, or O365 Defender).

Analytical Depth: Strong understanding of Windows/Linux file systems, the command-line interface, and network protocols.

Framework Knowledge: Proven ability to map attacker behavior to the MITRE ATT&CK matrix.

Additional Desired Skills

Soft Skills:

The Smart L2 Mindset: Ability to look beyond the alert and understand the why behind an incident.

Communication: Exceptional written English for drafting concise, technical escalation reports.

Adaptability: Comfortable working within a client environment and maintaining professional standards as a dedicated resource.

Education Requirement

Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent university degree


Job ID: 149019651
