Job Description :
As a Level 2 Cyber Defense Operations Center (CDOC) Senior Analyst, you will work in advanced security operations with a focus on SIEM and SOAR technologies, driving detection and response.
You'll be responsible for helping L3 optimize detection rules and for managing high-severity incidents from triage to resolution.
Your primary responsibility will be helping Level 1 analysts with incident analysis and assisting Level 3 with day-to-day operations.
This role requires mid-level technical expertise, strong teamwork, and a proactive approach to evolving threats.
Qualifications & Experience :
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- A Master's degree or relevant certifications (e.g., SANS/GIAC certifications such as GCIH, EC-Council's ECIH or CEH, or other DFIR-focused certifications) is preferred.
- 4-7 years of total SOC experience in a large multinational organization or an established MSSP.
- At least 2 years of hands-on working experience with SOAR solutions.
Responsibilities :
- Run daily SOC operations including SIEM/SOAR tuning, alert triage, and coordinated incident response to ensure effective real-time threat monitoring.
- Handle end-to-end security incident analysis, containment, mitigation, and reporting, leveraging SIEM/SOAR insights and cross-team coordination for swift resolution.
- Work high-priority incidents and incidents escalated from L1.
- Assist L3 with ad hoc investigations and fine-tuning of security solutions.
- Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities.
- Research emerging threats, vulnerabilities, and attack techniques to improve defenses.
- Document incident response activities and produce detailed reports for stakeholders.
- Conduct post-incident reviews to drive improvements in tools, processes, and readiness.
- Maintain detailed incident records, contribute to reporting, and support audit readiness.
- Guide and train junior analysts, promoting best practices and continuous improvement within the SOC.
- Stay up to date on emerging threats and technologies to continuously evolve SOC capabilities.
- Support comprehensive asset inventory and ownership mapping to ensure full monitoring coverage.
Technical & Soft Skills :
- Deep hands-on experience with SIEM, SOAR, and XDR platforms such as Google Chronicle, CrowdStrike LogScale, and Splunk.
- Strong working knowledge of endpoint security tools and concepts, including EDR (CrowdStrike, Defender, Cortex), DLP, and MDM.
- Strong knowledge of the MITRE ATT&CK and NIST CSF frameworks and of Cyber Kill Chain concepts.
- Good understanding of network security, operating systems, and hybrid cloud environments (Cloud, On-Prem, VDI).
- In-depth knowledge of threat landscapes and technical security concepts.
- Strong grasp of network protocols, OS internals, and security technologies.
- Familiarity with compliance standards such as NIST CSF and ISO 27001.
- Ability to work under pressure, especially during critical security incidents.
- Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.
- Skilled in producing professional documentation and detailed reports (including PowerPoint presentations), as well as policies, standards, processes and procedures.
- Very high attention to detail, with strong skills in managing/presenting data and information.
- Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.
- Good communication and interpersonal skills to effectively collaborate with stakeholders, and internal teams.