L2 Security Operations Center Analyst - SIEM Tools

Description :

Role Overview :

The SOC Level 2 Analyst is responsible for advanced monitoring, detection, investigation, and response to security incidents within the organizations IT environment.

The L2 Analyst acts as the escalation point for Level 1 analysts, conducting in-depth analysis of security alerts, coordinating incident response, and recommending improvements to enhance the organizations security posture.

Key Responsibilities :

Monitoring & Analysis :

- Monitor and analyze security events from SIEM and other monitoring tools (e.g., Splunk, QRadar, Sentinel, ArcSight).

- Investigate escalated alerts from L1 analysts to determine true positives and identify potential threats.

- Correlate events from multiple data sources (firewalls, IDS/IPS, endpoint security, email gateways, etc.) to detect advanced attacks.

- Perform threat hunting activities to proactively identify suspicious activity or potential compromise.

Incident Response :

- Lead triage, containment, eradication, and recovery activities for security incidents.

- Conduct root cause analysis and prepare detailed incident reports.

- Escalate critical incidents to L3 analysts or the Incident Response (IR) team as needed.

- Support forensic analysis of compromised systems when required.

Threat Intelligence & Reporting :

- Integrate and utilize threat intelligence feeds to enrich alert context and improve detection capabilities.

- Document and report findings, incident summaries, and recommendations to stakeholders.

- Contribute to SOC dashboards and key performance indicators (KPIs).

Process & Improvement :

- Assist in tuning and optimizing SIEM use cases, correlation rules, and detection content.

- Mentor and support L1 analysts in technical and procedural areas.

- Recommend and implement process improvements to enhance SOC efficiency and effectiveness.

- Participate in regular SOC drills and tabletop exercises.