امن پردازان کویر

Tier 2 SOC Analyst

Tehran / Abbas Abad (Beheshti)
Full Time
Saturday to Wednesday 7:15 to 16:15
Benefits: loan, military service option, health insurance, flexible working hours, learning stipends, game room, gym facilities, breakfast, occasional packages and gifts
201 - 500 employees
IT / Software / Hardware
Iranian company dealing only with Iranian entities
1386
Privately held

Key Requirements

2 years of experience in a similar position
Language: English, Upper Intermediate

Job Description

Key Responsibilities:

  • Monitor security alerts and events from various sources, including SIEM systems, firewalls, intrusion detection/prevention systems, and endpoint protection tools.
  • Perform detailed analysis of security incidents and events to identify potential threats, vulnerabilities, and breaches.
  • Conduct incident triage and escalation from Tier 1, ensuring appropriate action is taken and documented.
  • Investigate complex security incidents, gathering forensic data and evidence for further analysis and reporting.
  • Coordinate with Tier 3 analysts and incident response teams for deep dive investigations and threat remediation.
  • Create, update, and fine-tune security rules and use cases in SIEM systems to enhance threat detection and response capabilities.
  • Generate and present detailed reports of security incidents, including incident timelines, impact assessments, and root cause analysis.
  • Stay updated on the latest cybersecurity threats, trends, and best practices to improve detection and response strategies.
  • Assist in the development and improvement of SOC procedures, runbooks, and incident response plans.
  • Perform post-incident analysis to identify lessons learned and assist in developing preventative measures.

Skills and Qualifications:

  • Proven experience working in a Security Operations Center (SOC), preferably in a Tier 2 Analyst role.
  • Strong understanding of security monitoring, incident response, and threat detection techniques.
  • Familiarity with SIEM systems (Splunk or ELK) and experience using them to analyze security events.
  • Knowledge of common cybersecurity threats, attack vectors, and tactics, techniques, and procedures (TTPs) used by threat actors.
  • Experience with incident response and forensic analysis tools and techniques.
  • Familiarity with network protocols, firewalls, intrusion detection systems, and endpoint protection technologies.
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and custom tool creation.
  • Excellent communication and collaboration skills for working within the SOC team and with other IT and security departments.

Job Requirements

Age
28 - 34 Years Old
Gender
Men / Women
Education
Bachelor's | Computer and IT
Language
English | Upper Intermediate (70%)
