SOC Tier 2 Analyst

About The Position

Requirements

• 3-5 years of experience in SOC operations, incident response, security monitoring, threat monitoring, or related technical cybersecurity roles.
• Experience triaging escalated alerts and investigating security events using SIEM, EDR, ticketing, case management, and log analysis tools.
• Intermediate knowledge of Windows, Linux, networking, cloud, identity, endpoint, and application security concepts.
• Working knowledge of common attack techniques, incident response lifecycle activities, escalation procedures, playbooks, and evidence-handling practices.
• Ability to correlate evidence across multiple tools, develop incident timelines, and determine recommended response actions.
• Strong analytical, written documentation, communication, and collaboration skills, including the ability to guide SOC Analyst 1 personnel.

Responsibilities

• Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate severity, scope, potential impact, and required response actions.
• Analyze suspicious activity, indicators of compromise, anomalous behavior, and policy violations using logs, endpoint telemetry, network data, identity data, cloud events, and other evidence.
• Correlate evidence across security platforms to identify affected assets, affected accounts, attack paths, timeline of activity, and potential business or mission impact.
• Map observed behaviors to applicable frameworks and threat models such as MITRE ATT&CK when useful for investigation, reporting, or detection improvement.
• Support containment, eradication, and recovery activities for standard or moderate incidents in alignment with incident response plans and approved playbooks.
• Coordinate with system owners, security engineers, senior analysts, and other technical teams to gather evidence, validate impact, and support response actions.
• Escalate complex, high-impact, evidence-sensitive, or ambiguous incidents to SOC Analyst 3, SOC leadership, Forensics, Threat Hunter, Threat Intelligence Analyst, or other specialized roles as appropriate.
• Maintain accurate incident status, action tracking, and communications during investigation and response activities.
• Analyze recurring alerts, false positives, attack patterns, threat intelligence, vulnerabilities, and emerging tactics to identify opportunities to improve detection and response.
• Recommend updates to correlation rules, alert logic, dashboards, use cases, response playbooks, and triage procedures based on investigation outcomes.
• Operationalize threat intelligence in triage and investigation workflows by applying relevant indicators, adversary behaviors, vulnerabilities, and contextual reporting.
• Provide operational requirements and validation feedback to SOC Analyst 3, SOC Threat Hunter, Senior Splunk Engineer, Splunk Architect/Lead, Security Engineer, and SOC Technical Writer as appropriate.
• Document investigation activities, evidence, decisions, response actions, and outcomes clearly and accurately.
• Prepare incident summaries, ticket updates, timelines, shift handoff notes, and supporting information for after-action documentation.
• Communicate technical findings in clear operational, business, and risk language for SOC leadership and affected stakeholders.
• Provide evidence summaries and analysis notes that can be used by Forensics or specialized teams when deeper analysis is required.
• Provide escalation guidance, quality feedback, and informal mentoring to SOC Analyst 1 personnel.
• Participate in lessons-learned activities, tabletop exercises, detection reviews, and SOC process improvement efforts.
• Stay current with evolving cyber threats, vulnerabilities, detection techniques, and security operations best practices.
• Contribute to continuous improvement of SOC workflows, investigation checklists, documentation practices, and escalation procedures.