SOC Analyst L2

• Provide advanced investigation of security incidents.

• Conduct secondary triage and analysis on escalated events and initial remediation for escalated incidents.

• Profile and trend events in the environment to determine if an incident needs to be created.

• Provide communication and escalation throughout the incident per the corporate security incident response guidelines.

• Communicate directly with data asset owners and business response plan owners during high severity incidents.

• Communicate with Infosec teams on detected incidents that breached SLA/OLA.

• Communicate with IT teams during incidents.

• Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets.

• Advanced analysis of alerts.

• Perform advanced analysis of log files.

• Create, analyze and review reports and dashboards.

• Perform advanced suspicions email analysis including mail header analysis, body and content or attachments.

• Validate audit evidence (Ex: internal audit, group audit, PCI audit, etc).

• Take an active part in the containment of incidents, even after they are escalated.

• Escalate issues when necessary as per OLA and procedures.

• Assist in continuous improvement of processes and work with IT teams to improve alerts and rules in the incident monitoring systems.

• Review all Level 1 Analyst documentation.

• Propose and enhance use cases.

• Assign tasks to L1 analyst.

• Performing administrative tasks per management request (ad-hoc reports / trainings).

• 2+ Years of hands-on SOC experience, covering the full spectrum of detection, analysis, investigation, alerting, reporting, and proposing remediation actions.

ITS Information Technology Solutions