Security Operations Specialist

Job Title: SOC L2 Analyst (Incident Responder)

Job Summary:

We are looking for a highly skilled and experienced SOC L2 Analyst to act as a senior incident responder within our Security Operations Center. In this advanced role, you will be the primary technical investigator for complex and escalated cybersecurity incidents. Taking ownership of threats veried by our L1 team, you will conduct deep-dive analysis to determine the full scope of an aack, identify the root cause, and lead the technical eorts to contain, eradicate, and recover from the incident. Beyond reactive response, you will proactively hunt for advanced threats within our environment and contribute to the continuous improvement of our detection and response capabilities. The ideal candidate is a seasoned cybersecurity professional with a detective's mindset, deep expertise in digital forensics and incident response (DFIR), and a passion for staying one step ahead of adversaries.

Responsibilities

● Serve as the lead investigator for escalated security incidents, conducting in-depth analysis of network trac, endpoint data, and log sources to determine the impact, scope, and nature of the threat.

● Perform advanced threat analysis by correlating data from multiple sources and leveraging threat intelligence to identify attack vectors, indicators of compromise (IOCs), and adversary tactics, techniques, and procedures (TTPs).

● Conduct digital forensic investigations, including malware analysis (static/dynamic), memory analysis, and network forensics (packet capture analysis) to understand attacker activity.

● Develop and execute containment, eradication, and recovery strategies to effectively mitigate security incidents and minimize business impact.

● Proactively hunt for undetected threats within the enterprise by developing hypotheses and using advanced analytics and security tools to search for signs of compromise that have evaded existing controls.

● Rene and enhance the organization's security posture by tuning SIEM correlation rules, developing new detection logic, and updating and creating incident response playbooks.

● Document all investigation activities, findings, and remediation steps in detailed incident reports suitable for technical, management, and legal audiences.

● Provide technical guidance and mentorship to L1 analysts, acting as a subject matter expert for incident response and threat analysis.

● Collaborate with other teams, including IT infrastructure, legal, and compliance, to ensure a coordinated response to security incidents.