L2 SOC Analyst at Cyber Dome

Cyber Dome

Lagos, Nigeria Permanent

Published 1 month ago · Expires 3 weeks from now


Job description

We invite applications from suitably qualified candidates.

Role Summary
  • The L2 SOC Analyst provides advanced incident investigation, threat analysis, containment actions, and oversight of L1 operations within the Security Operations Centre. The role requires deeper expertise in security monitoring, root-cause analysis, incident response, threat hunting, and use of multiple security tools. The L2 Analyst supports escalated incidents, validates L1 findings, improves detection content, and works closely with the SOC Lead to enhance the organization’s security monitoring posture.
Key Responsibilities
Advanced Incident Investigation
  • Handle escalated alerts from L1 and perform in-depth triage and correlation.
  • Analyze attack patterns, lateral movement indicators, persistence mechanisms, and suspicious behaviors.
  • Perform root-cause analysis (RCA) and determine the scope of compromise.
  • Execute approved containment actions (disable account, isolate host, block IOC).
Threat Hunting & Detection Enhancement
  • Conduct proactive threat hunting using SIEM queries, IOC searches, and behavioral analysis.
  • Enhance detection logic by tuning noisy rules and creating new use cases.
  • Research new exploits, malware, and vulnerabilities and integrate the resulting indicators and detection logic into SOC processes.
Incident Response Coordination
  • Lead response activities for medium to high-severity incidents.
  • Collaborate with IT, cloud, and endpoint teams during containment and recovery.
  • Support evidence collection for digital forensics.
  • Prepare incident timelines and investigation summaries.
SOC Process & L1 Oversight
  • Validate L1 triage quality and provide coaching where necessary.
  • Ensure SOC SOPs, runbooks, and escalation matrices are adhered to.
  • Assist in onboarding new log sources into the SIEM.
  • Improve shift handovers and SOC documentation quality.
Reporting & Compliance
  • Prepare detailed incident reports (IRs), weekly/monthly SOC reports, and dashboards.
  • Ensure all escalations and actions are recorded in JIRA.
  • Support ISO 27001, NDPR, and audit processes.
Required Skills & Competencies
Technical Skills
  • Strong understanding of attack lifecycles and threat actor TTPs.
  • Proficiency with SIEM tools: Securonix, Splunk, Rapid7 InsightIDR.
  • Ability to analyze endpoint, server, cloud, and authentication logs.
  • Experience with EDR platforms (CrowdStrike, Sophos, Microsoft Defender for Endpoint).
  • Strong Windows and Linux internals knowledge.
  • Ability to map findings to the MITRE ATT&CK framework.
