SOC Analyst ll

About The Position

Requirements

• 2+ years of hands-on experience in an L2 SOC, incident response, detection engineering, or SIEM administration role.
• 3–5 years of combined experience across cybersecurity and/or IT disciplines.
• Demonstrated experience performing deeper-level investigations beyond basic alert triage.
• Experience contributing to detection improvements, tuning, or content development.
• Strong understanding of SIEM concepts, log ingestion, parsing, and data normalization.
• Familiarity with Windows and Linux logging fundamentals.
• Experience working with security tools such as SIEM, EDR, DNS filtering, email security, and identity security platforms.
• Ability to manage multiple priorities in a fast-paced, client-facing environment.

Nice To Haves

• Experience in a multi-tenant SOC, MSSP, or MDR environment.
• Familiarity with MITRE ATT&CK, TTP-based investigations, and threat intelligence.
• Exposure to basic scripting (PowerShell and/or Python) for analysis or automation.
• Understanding of false-positive reduction and detection validation techniques.
• Ability to clearly communicate technical findings to non-technical stakeholders.
• CompTIA Security+
• Blue Team Level 1 / Level 2
• eLearnSecurity Junior Penetration Tester (eJPT)
• GIAC Foundational Cybersecurity Technologies (GFACT)
• Microsoft’s AZ-900, SC-900, MS-900
• A candidate with partial or equivalent certifications is welcome to apply.
• Highly motivated and eager to grow within offensive security.
• Highly organized and process-driven
• Affinity for technology
• Strong integrity with the ability to work in a highly confidential manner
• Collaborative and flexible with a consultative mindset
• Precise and detailed, delivering consistently high-quality results
• Comfortable in a balance of tactical and strategic focus
• Servant-hearted with a focus on improving the lives of our customers in every action and interaction

Responsibilities

• Review, analyze, and correlate SIEM alerts to determine true positives, false positives, and appropriate response actions.
• Perform advanced SOC operations, including monitoring, investigation, reporting, and response to suspicious or malicious activity.
• Conduct deeper incident investigations using SIEM, EDR, and other security telemetry.
• Analyze phishing emails for malicious indicators and provide remediation recommendations.
• Review and respond to alerts from automated security tools and monitoring platforms.
• Conduct threat research on emerging threats, attacker techniques, and vulnerabilities.
• Perform recurring health checks on security tooling and validate alignment with expected configurations.
• Maintain and enhance standard operating procedures (SOPs); create and update documentation as processes evolve.
• Prepare investigation summaries and reports for internal stakeholders and clients.
• Conduct vulnerability analysis and assist with security remediation recommendations.
• Manage and prioritize multiple client environments, investigations, and projects concurrently.
• Participate in an on-call or standby rotation as required.
• Participate in guided threat-hunting exercises using SIEM and EDR telemetry.
• Conduct hypothesis-driven investigations to identify abnormal or suspicious behavior.
• Leverage threat intelligence to enhance detections and hunting activities.
• Assist in identifying advanced, persistent, or evasive threats not caught by automated alerts.
• Document findings and recommend detection or process improvements based on hunt outcomes.
• Assist with SIEM deployments and client onboarding activities.
• Ingest, parse, and normalize logs from new data sources into the SIEM and associated platforms.
• Develop, tune, and optimize SIEM detection rules to reduce alert noise and improve fidelity.
• Write and modify SIEM queries (e.g., KQL, SPL, SQL, Lucene) to support investigations and detections.
• Build dashboards, correlation rules, and use cases tailored to specific client environments.
• Identify logging gaps and recommend improvements to increase detection coverage.
• Validate detections using real-world attack techniques, threat intelligence, and historical data.
• Map detections and investigations to MITRE ATT&CK techniques and tactics.
• Collaborate with SOC and engineering teams to continuously improve detection logic and alert quality.