L2 SOC Analyst –
Compromise Assessment & Incident Response (with SIEM Admin Knowledge)
Role Overview: We are seeking a skilled L2 Security Analyst to support our MSSP operations team. The ideal candidate will possess a solid background in incident response and compromise assessment, as well as administration skills across various security platforms. You will work with enterprise clients to identify threats, perform in-depth investigations, and ensure platform reliability.
Location: Onsite
Key Responsibilities: Security Monitoring & Incident Handling Analyze alerts from SIEM/EDR and perform triage to validate incidents. Provide containment and eradication support in real-time. Correlate logs and conduct root cause analysis using various telemetry sources. Compromise Assessment & Generate IR reports, dashboards, and executive summaries. Lead endpoint and network-based compromise assessments for clients. Administrative & Platform Support and maintain the health of SIEM, EDR, and firewall integrations. Troubleshoot ingestion issues and optimize detection logic. Ensure secure onboarding of log sources via APIs or agent-based collectors. Threat Intel & Document IOCs and provide actionable recommendations.
Requirements: Technical Expertise, 5–7 years of experience in SOC/IR roles. Strong command of MITRE ATT&CK, Windows/Linux logs, and AD attacks. Proficient with SIEMs (QRadar, ELK, Sentinel), and forensic/packet tools. Familiarity with scripting (PowerShell/Python). Administrative Knowledge & Experience managing SIEM infrastructure. Understanding of firewall policies, email security, and cloud logs. Ability to configure connectors, fine-tune rules, and automate integrations.