Overview
As a Level 2 Security Analyst in a Managed Security Service Provider (MSSP) environment, you will serve as an advanced escalation point for Tier 1 analysts, handling complex alerts and security incidents across multiple client environments. Your primary responsibility is to investigate threats in depth, guide incident response efforts, enhance detection capabilities, and ensure clients are protected with timely and accurate responses. This role demands strong technical, analytical, and communication skills to succeed in a fast-paced, multi-tenant SOC.

Key Responsibilities
- Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
- Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
- Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
- Execute containment, eradication, and recovery procedures using predefined runbooks and playbooks.
- Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
- Provide technical guidance, support, and mentoring to Tier 1 analysts.
- Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
- Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
- Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
- Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
- Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
- Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
- Participate in client-specific onboarding activities and ensure monitoring tools are correctly configured.
- Join incident review meetings and provide root cause analysis and post-incident reporting when required.
- Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
- Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.

Requirements

Education & Experience:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent work experience.
- 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
- Experience working in an MSSP or multi-tenant environment is highly desirable.

Technical Skills:
- Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
- Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
- Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
- Strong understanding of networking protocols, log analysis, and system administration (Windows / Linux).
- Knowledge of malware behaviors, phishing techniques, and the MITRE ATT&CK framework.
- Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
- Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).

Certifications (preferred):
- CompTIA Security+, CySA+, or equivalent.
- GIAC certifications (e.g., GCIH, GCIA, GCFA).
- CEH, or vendor-specific certifications (e.g., Microsoft SC-200, CrowdStrike CCFR).
Security Analyst L2 • Kuala Lumpur, Malaysia