Posted on: 18/07/2025
SOC Analyst Job Description
Job Summary:
Key Responsibilities:
SOC Analyst L2
- Investigate and triage alerts to identify false positives and real incidents.
- Perform initial incident response actions (isolate systems, reset credentials).
- Escalate high-severity or complex incidents to L3 analysts.
- Document findings, actions, and recommendations in ticketing systems.
- Work with threat intelligence feeds to understand attack trends and indicators.
- Support vulnerability management efforts and patch validations.
- Assist in playbook execution and incident lifecycle management.
SOC Analyst L3
- Perform in-depth forensic investigations, malware analysis, and root cause analysis.
- Develop and tune SIEM detection rules and use cases.
- Mentor L1/L2 analysts and review their investigations.
- Hunt for threats using behavioral analytics and threat intelligence sources.
- Collaborate with threat intelligence teams for proactive defenses.
- Work closely with other teams (IT, Cloud, Endpoint) for coordinated responses.
- Create and maintain runbooks, incident reports, and compliance documentation.
Required Skills and Qualifications:
For Both Roles:
- Familiarity with tools: SIEM (Sentinel/Splunk/QRadar), EDR (Defender, CrowdStrike), SOAR platforms.
- Hands-on experience in log analysis, network traffic analysis, and endpoint investigations.
- Understanding of firewalls, proxies, IDS/IPS, and cloud security.
L2 Specific:
- Good understanding of the incident handling process.
- Basic scripting or automation knowledge (PowerShell, Python) is a plus.
L3 Specific:
- Advanced knowledge of threat analysis, malware reverse engineering, and threat hunting.
- Experience in tuning and optimizing SIEM/SOAR rules.
- Industry certifications preferred (e.g., GCIA, GCIH, CEH, CISSP, Microsoft SC-200, SC-300).
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1514932