SOC Analyst T2 – Incident Responder

Northern Technologies Group, Inc. – Tampa, FL

About The Position

The SOC Analyst T2 – Incident Responder is a critical technical leadership role within NTG's 24x7 Security Operations Center (SOC), responsible for advanced cyber threat analysis, incident response, and the operation and optimization of security tools such as SIEM platforms, including Splunk. This position requires a minimum of 5 years of experience in a SOC environment and a related degree in IT or Cybersecurity, or equivalent Cybersecurity Certifications. The SOC Analyst T2 – Incident Responder plays a pivotal role in detecting, analyzing, and mitigating cyber threats while supporting SOC processes and contributing to the continuous improvement of NTG's security posture, as well as the security posture of NTG’s MSP customers. This position also requires leading the SOC team through mentoring other SOC members, as well as supporting the Service Delivery Manager and VP of Commercial Services in ensuring that NTG and our customers are supported and protected appropriately.

Requirements

  • Multi-SIEM Proficiency: Expert-level knowledge of Microsoft Sentinel, Splunk Enterprise Security, and the ELK stack (Elasticsearch, Logstash, Kibana).
  • XDR/EDR Fluency: Hands-on experience with Microsoft Defender XDR, Wazuh, and other major EDR platforms (e.g., CrowdStrike, SentinelOne).
  • Query Language Mastery: Proficiency in KQL (Kusto), SPL (Splunk), and ESQL/Lucene for Elastic.
  • System and Network Analysis: Strong understanding of Windows/Linux operating systems, network protocols (TCP/IP, DNS, HTTP), and the ability to interpret complex packet captures and security logs.
  • Threat Frameworks: Deep knowledge of the MITRE ATT&CK framework and its application to detection mapping and incident analysis.
  • Scripting and Automation: Proficiency in Python, PowerShell, or Bash for automating repetitive SOC tasks and developing custom detection tools.
  • Advanced Troubleshooting: Demonstrated ability to perform root cause analysis and identify the "lateral movement" of an attacker within a network.
  • Technical Pedagogy: Ability to explain complex security concepts to junior staff and guide them through the investigative process.
  • Decision-Making Under Pressure: Proven ability to prioritize and make critical decisions during high-stakes security incidents.
  • Strong written and verbal communication skills for reporting and collaboration.
  • Experience presenting technical findings to non-technical stakeholders.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related discipline.
  • 5 or more years of documented experience in a Security Operations Center, Incident Response, or Threat Intelligence role.

Nice To Haves

  • Industry Standards: CISSP, GIAC GCIH (Certified Incident Handler), or GCIA (Certified Intrusion Analyst).
  • Technical Certifications: CompTIA CySA+, EC-Council CSA (Certified SOC Analyst), or Microsoft SC-200 (Security Operations Analyst Associate).
  • Platform Specific: Wazuh for Security Engineers, Splunk Power User/Admin, or Elastic Certified Analyst.
  • MSSP Background: Experience working in a multi-tenant environment supporting multiple external clients is highly desirable.

Responsibilities

  • Perform advanced threat analysis to identify, assess, and mitigate cyber threats, vulnerabilities, and insider risks.
  • Conduct in-depth investigations using SIEM tools such as Splunk, Fortinet, and Microsoft Sentinel.
  • Coordinate and execute comprehensive incident response plans during security breaches or cyberattacks.
  • Operate and optimize security tools, including SIEM platforms, IDS/IPS, EDR, and forensic tools.
  • Tune, customize, and enhance SIEM tools to improve detection and alerting capabilities.
  • Provide technical guidance and mentoring to junior analysts on threat detection and SOC processes.
  • Work with the SOC team and management to ensure thorough support of NTG and our MSP customers.
  • Own Tier 2 case triage and escalation by validating alerts, documenting rationale for decisions, and maintaining alignment between automated detections and analyst determinations.
  • Assist in developing and refining SOC procedures, playbooks, and response strategies.
  • Document lessons learned from incident response activities and integrate them into playbooks.
  • Analyze and report on security trends, vulnerabilities, and incidents.
  • Provide actionable recommendations to enhance detection capabilities and mitigate security risks.
  • Work closely with other teams, such as IT, engineering, and compliance, to address and mitigate security risks.
  • Serve as a technical liaison between the SOC and leadership, providing updates on the security landscape.
  • Mentor the entire SOC team as an integrated part of the daily operational workflow.
  • Provide structured feedback from Tier 2 investigations to improve Tier 1 alert triage and refine SOC workflows.
  • Perform quality assurance reviews of Tier 1 cases and provide timely, actionable coaching to improve accuracy and consistency.
  • Lead case studies and after-action reviews to reconstruct the incident timeline, identify detection/response gaps, and implement improvements.
  • Help junior analysts align development goals to the SOC Skill Matrix by recommending targeted training and certifications to support progression.
  • Work across both NTG’s internal environment and the environments of NTG’s MSP customers.
  • Obtain and maintain certifications relevant to the Systems Administrator duties as well as supporting NTG’s partnership requirements with specific vendors.
  • Work with and utilize AI platforms such as Copilot, Grok, Claude, Gemini, etc., to perform daily duties and automate tasks required for supporting our Intra-Company and MSP environments.
© 2024 Teal Labs, Inc