Jobs
O

SOC Analyst L2

OCITHR, IN1d ago
Full-timevia indeed

Required Skills

awsazurebashgcplinuxpython

Job Description

  • *Job Description**The SOC L2 Analyst is responsible for advanced investigation, validation, and response to security incidents escalated from L1 analysts. This role focuses on deep analysis, threat detection, correlation, and containment support while ensuring incidents are handled within defined SLAs. The L2 analyst also plays a key role in tuning detection rules and improving overall SOC efficiency. **Key Responsibilities*** Perform detailed investigation of security alerts escalated by L1 team.
  • Validate true positives and eliminate false positives through log analysis and threat intelligence correlation.
  • Conduct root cause analysis for security incidents.
  • Lead incident response activities including containment, eradication, and recovery support.
  • Perform threat hunting using SIEM, EDR, firewall, and cloud logs.
  • Fine\-tune detection rules and use cases to reduce noise and improve accuracy.
  • Document incidents clearly with timeline, impact analysis, and remediation steps.
  • Coordinate with clients, infrastructure, cloud, and application teams during major incidents.
  • Support compliance reporting and audit requirements.
  • Mentor L1 analysts and assist in shift leadership when required.
  • Investigate and respond to email security incidents including phishing, malware, and business email compromise (BEC).
  • Monitor and analyze cloud security alerts from Microsoft 365, Azure, AWS, and Google Workspace environments.
  • Perform vulnerability assessment review and support remediation tracking using vulnerability management platforms.
  • Develop and maintain detection use cases aligned with MITRE ATT\&CK techniques.
  • Support automation and orchestration initiatives to improve SOC efficiency and incident response times.
  • Participate in post\-incident reviews and recommend security improvements.
  • *Required Technical Skills*** Hands\-on experience with SIEM platforms (Wazuh, Seceon aiSIEM) and Linux OS
  • Strong understanding of EDR tools (Microsoft Defender for Endpoint, CrowdStrike Falcon).
  • Knowledge of firewalls, IDS/IPS, VPN, and proxy logs.
  • Experience analyzing Windows, Linux, and cloud logs.
  • Understanding of MITRE ATT\&CK framework.
  • Basic scripting knowledge (PowerShell, Python, or Bash preferred).
  • Familiarity with ticketing tools such as ServiceNow or ConnectWise.
  • Knowledge of email security solutions such as Microsoft Defender for Office 365, Mimecast, or Proofpoint.
  • Familiarity with vulnerability management tools such as ConnectSecure, Nessus, Qualys, or OpenVAS.
  • Understanding of cloud security monitoring and logging (Azure AD, Microsoft 365, AWS CloudTrail, GCP Audit Logs).
  • Experience with threat intelligence platforms and IOC analysis.
  • Ability to create and optimize SIEM correlation rules and detection use cases.
  • Working knowledge of KQL, SPL, or equivalent query languages.
  • Basic malware analysis and forensic investigation skills.
  • *Qualifications*** 5–8 years of experience in SOC or security operations.
  • Bachelor’s degree in computer science, Information Security, or related field.
  • Certifications preferred: CEH, Security\+, CySA\+, or equivalent.
  • *Key Competencies*** Strong analytical and troubleshooting skills.
  • Ability to work in a 24x7 shift model.
  • Clear documentation and communication skills.
  • Ability to stay calm during high\-severity incidents.
  • Continuous learning mindset.
  • Strong incident management and decision\-making skills.
  • Proactive threat hunting mindset.
  • Strong stakeholder and client communication skills.
  • Ability to mentor junior analysts and drive process improvements.

Similar Jobs

Browse all jobs

Job Overview

Job type
Full-time
Work mode
On-site
Location
Gurugram
Posted
1d ago
Source
Indeed