Security Analyst L2

As a Level 2 Security Analyst in a Managed Security Service Provider (MSSP)

environment, you will serve as an advanced escalation point for Tier 1 analysts, handling complex alerts and security incidents across multiple client environments. Your primary responsibility is to investigate threats in-depth, guide incident response eforts, enhance detection capabilities, and ensure clients are protected with timely and accurate

responses. This role demands strong technical, analytical, and communication skills to succeed in a fast-paced, multi-tenant SOC. The role will also be on shift hours.

Key Responsibilities:

• Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
• Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
• Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
• Execute containment, eradication, and recovery procedures using predefine runbooks and playbooks.
• Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
• Provide technical guidance, support, and mentoring to Tier 1 analysts.
• Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
• Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
• Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
• Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
• Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
• Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
• Participate in client-specific onboarding activities and ensure monitoring tools are correctly confgured.
• Join incident review meetings and provide root cause analysis and post-incident reporting when required.
• Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
• Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.

Requirements:

Education & Experience:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or

related field—or equivalent work experience.

• 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
• Experience working in an MSSP or multi-tenant environment is highly desirable.

Technical Skills:

• Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
• Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
• Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
• Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux)
• Knowledge of malware behaviors, phishing techniques, and MITRE ATT&CK framework.
• Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
• Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).

Certifications (preferred):

• CompTIA Security+, CySA+, or equivalent.
• GIAC certifiations (e.g., GCIH, GCIA, GCFA).
• CEH, or vendor-specifi certifiations (e.g., Microsoft SC-200, CrowdStrike CCFR).

Key Competencies:

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication—especially in client-facing documentation and briefings.
• Ability to handle multiple investigations and prioritize effetively under pressure.
• Customer-centric mindset with attention to SLA adherence and service quality.
• Collaborative, team-oriented, and proactive with continuous learning attitude.