SOC Security Analyst L2

About The Position

Requirements

• Ability to remain calm and effective in high-pressure security incident situations
• Ability to work directly with customers to gather requirements and provide feedback on security services
• Strong written and verbal communication skills with the ability to translate complex technical concepts into clear, understandable language
• Strong teamwork and interpersonal skills; comfortable working with a globally distributed team
• Willingness and ability to work a 24/7/365 rotating shift schedule
• Experience using SIEM solutions, Cloud App Security tools, and EDR platforms
• Advanced understanding of network protocols and network telemetry
• Knowledge of Windows and Unix forensic artifacts and analysis methods
• Expertise in endpoint, web, and authentication log analysis
• Experience creating SIEM/EDR detections
• Experience responding to modern authentication attacks (AD, Entra, OATH, etc.)
• Deep knowledge of common attack paths, including LOLBins, adversary tools, BEC attacks, AiTM, and lateral movement techniques
• Strong knowledge of SIEM workflows (preferably Microsoft Sentinel or Splunk)
• Strong knowledge of Modern authentication systems and attacks (SSO, OATH, Entra)
• Strong knowledge of Malware detection and analysis (dynamic and light static)
• Strong knowledge of Network and firewall logs, IDS/WAF, web traffic logs
• Strong knowledge of Email security and BEC attack methodologies
• Strong knowledge of Windows and Unix forensic artifacts (registry, wtmp/btmp, etc.)
• Strong knowledge of Windows PE and malicious document analysis
• Strong knowledge of Legitimate and malicious remote access methods
• Strong knowledge of O365 attack paths and common adversary techniques
• Strong knowledge of Network metadata and commonly abused protocols
• Strong knowledge of Credential harvesting tools and methodologies

Nice To Haves

• Experience countering ransomware threat actors
• Experience in intrusion analysis, incident response, digital forensics, penetration testing, or similar fields
• 3+ years of hands-on SOC/TOC/NOC experience
• GIAC certification(s)
• Additional certifications such as CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, MCSE
• Familiarity with tools such as Microsoft Sentinel, Splunk, Microsoft Defender suite, CrowdStrike Falcon, SentinelOne
• Familiarity with GPO, LANDesk, or other IT infrastructure tools
• Experience with one or more programming languages (JavaScript, Python, Lua, Ruby, Go, Rust)

Responsibilities

• Monitor and analyze security events and alerts from SIEM platforms, endpoint logs, network telemetry, and EDR tools
• Research indicators of compromise (IOCs) and malicious activity to determine reputation and risk
• Conduct malware analysis, attacker infrastructure investigation, and forensic analysis
• Execute complex investigations and declare incidents when appropriate
• Perform live response and remote forensics on compromised endpoints
• Conduct threat hunting activities based on behavioral anomalies and curated intelligence
• Participate in and support incident response, investigation, and documentation
• Collaborate closely with BlueVoyant Incident Response teams during active intrusions
• Ensure events are accurately identified, analyzed, escalated, and documented
• Identify and tune false positives and benign detections
• Perform peer reviews and QA checks on junior analysts’ investigations
• Mentor lower-level analysts and act as the technical escalation point
• Communicate regularly with clients regarding incidents, findings, and remediation steps
• Support Customer Success teams during client engagements as required
• Assist in improving security policies, procedures, tooling, and automation

Benefits

• Equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.