Key skills
CloudCyber SecurityNetwork SecurityCloud SecurityFirewall
About this role
Role Overview
- Investigate security alerts escalated by SOC Level 1 analysts.
- Perform deeper analysis of suspicious activity across SIEM, EDR, network, identity, cloud, and email security platforms.
- Validate whether security events represent false positives, suspicious behavior, policy violations, or confirmed cybersecurity incidents.
- Correlate events across multiple log sources to identify attack patterns, affected assets, compromised accounts, lateral movement, malware activity, or unauthorized access.
- Determine the scope, severity, business impact, and urgency of security incidents.
- Recommend containment, eradication, and remediation actions to the appropriate technical teams.
- Create and maintain accurate incident timelines, investigation notes, evidence records, and escalation summaries.
- Support phishing investigations, endpoint compromise analysis, suspicious login reviews, malware alerts, brute-force attacks, data exfiltration indicators, and cloud security events.
- Review and improve SOC playbooks, investigation procedures, and escalation criteria.
- Provide technical guidance, coaching, and feedback to SOC Level 1 analysts.
- Identify recurring false positives and recommend tuning improvements for SIEM, EDR, and other detection platforms.
- Participate in post-incident reviews and provide recommendations to improve detection, response, and prevention.
- Support shift handovers by documenting open incidents, pending actions, and important operation contexts.
Requirements
- 2 to 4 years of experience in SOC operations, cybersecurity monitoring, incident response, security operations, network security, endpoint security, or infrastructure security.
- Previous experience as a SOC Analyst L1 or equivalent role.
- Experience investigating real security alerts and documenting incident findings.
- Practical knowledge of SIEM, EDR, identity logs, firewall logs, email security alerts, and endpoint events.
- Experience escalating incidents and recommending remediation actions.
- Preferred Certifications: CompTIA CySA+, Blue Team Level 1 / BTL1, Blue Team Level 2 / BTL2, Microsoft AZ-500, CompTIA Security+, CompTIA Network+, Cisco CCNA, Fortinet FCP / NSE, Microsoft AZ-500, as a plus for cloud/security environments, eCIR .
- Language: English C1 is required
Tech Stack
- Cloud
- Cyber Security