Level 2 SOC Analyst

Job Description

As our SOC Level 2 Analyst, you will play a pivotal role in investigating and responding to advanced security incidents. You will perform deep‑dive investigations across SIEM, EDR, network, and endpoint telemetry, take ownership of incident containment and remediation actions, and support continuous detection improvements.

This role also includes mentoring SOC L1 analysts, contributing to threat hunting activities, and producing high‑quality incident reports and RCA documentation. You will work within a 24/7 rotating shift schedule (7 AM–3 PM, 3 PM–11 PM, 11 PM–7 AM), including weekends and holidays, with two days off per week.

Responsibilities

• Perform deep‑dive investigations of escalated incidents from SOC L1
• Analyse complex security events across SIEM, EDR, network, and endpoint telemetry
• Identify root cause, attack vectors, and determine scope of impact
• Conduct malware, phishing, and suspicious activity analysis
• Lead containment, mitigation, and remediation with IT teams
• Develop and enhance detection logic, use cases, tuning, and SOC playbooks
• Provide guidance, feedback, and mentoring to SOC L1 analysts
• Participate actively in threat hunting and proactive security analysis
• Produce detailed incident reports, RCAs, and communications for customers and management
• Support audits, compliance reviews, and post‑incident evaluations
• Manage SIEM & EDR technologies operationally and analytically
• Monitor security alerts across SIEM, EDR, IDS/IPS, firewalls, and other security platforms
  
  

About SHQ

SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We’re focused on engineering cybersecurity, by design.

Job Reference Number

DB002

Essential Skills

• Strong understanding of attack frameworks such as MITRE ATT&CK and the Cyber Kill Chain
• Advanced log analysis and correlation across multiple security tools
• Hands‑on experience with SIEM queries and EDR investigation workflows
• Solid knowledge of networking concepts, common protocols, and traffic analysis
• Experience handling malware, phishing, lateral movement, and privilege escalation scenarios
• Hands‑on experience with SIEM & EDR administration (preferred)
• Familiarity with cloud security across Azure, AWS, or GCP logs (preferred)
• Ability to make sound decisions under pressure and manage multiple simultaneous incidents
• Bachelor’s degree in IT, Cybersecurity, or equivalent practical experience
• 2–5 years of experience working in a SOC or security operations role

---