Lead Tier 2 SOC Analyst / Engineer

Position Overview

We are looking for a motivated Tier 2 SOC Analyst with SOC Engineering skills to join our cybersecurity operations team. This hybrid role combines the investigative expertise of a Tier 2 Analyst with the technical acumen of a SOC Engineer. You will be responsible for investigating and responding to complex security incidents while also helping to improve, tune, and automate SOC tools and processes to enhance overall detection and response capabilities.

Key Responsibilities

Incident Response & Threat Analysis

• Investigate escalated alerts from Tier 1 analysts and determine incident scope, impact, and severity.
• Execute containment, eradication, and recovery actions as part of incident response.
• Perform deep-dive forensic analysis of endpoints, networks, and log sources.
• Conduct proactive threat hunting using IOCs, MITRE ATT&CK TTPs, and behavioral patterns.

SOC Engineering & Tooling

• Configure, maintain, and tune SIEM and SOAR platforms to optimize detection and response.
• Develop and refine correlation rules, dashboards, and automated response playbooks.
• Integrate log sources, EDR, IDS/IPS, firewalls, and cloud platforms into the SOC ecosystem.
• Automate repetitive tasks (IOC enrichment, case management, report generation) to improve efficiency.

Detection & Use Case Development

• Design and implement new detection use cases aligned with evolving threats.
• Conduct gap analysis against attacker techniques to strengthen detection coverage.
• Work closely with Tier 1 and Tier 3 analysts to validate and improve detection rules.

Collaboration & Escalation

• Mentor Tier 2 SOC analysts and provide technical guidance during investigations.
• Escalate high-severity or complex incidents to Tier 3 or Incident Response teams.
• Partner with IT/security engineering to address vulnerabilities and improve defenses.

Reporting & Continuous Improvement

• Document all incidents, actions taken, and lessons learned.
• Contribute to SOC playbooks, standard operating procedures, and runbooks.
• Provide metrics and insights to improve SOC performance and maturity.

Governance, Risk & Compliance Support

• Ensure logging and monitoring meet compliance and regulatory requirements.
• Provide input for audit readiness and evidence collection.
• Ensure the SOC design aligns with compliance frameworks (e.g., NIST, GDPR, SOX).

Mentorship & Knowledge Sharing

• Provide training and guidance to Tier 2 SOC analysts on new tools and use cases.
• Document SOC architecture, workflows, and best practices.
• Act as a technical advisor for security projects across the organization.

Qualifications & Skills

• Education & Experience
• • Bachelor’s degree in Cybersecurity, Information Technology, or related field (or combination of education and related experience or equivalent work experience).
  • 3–5 years of experience in SOC operations, incident response, or cybersecurity engineering.
• Technical Skills
• • Strong knowledge of SIEM platforms (e.g., Splunk, Sentinel, QRadar, ArcSight).
  • Experience with EDR tools (e.g., Defender, CrowdStrike, SentinelOne).
  • Familiarity with SOAR platforms and security automation.
  • Proficiency in scripting (Python, PowerShell, Bash) for automation and enrichment.