Birlasoft is hiring SOC Analyst in Maharashtra

Tier – 2 SOC Analyst

The Tier-2 SOC Analyst is responsible for performing in-depth investigations and mitigations using existing IT security tools, participating in major incident response activities, and ensuring the effective operation of SOC processes and infrastructure. This role involves engaging with Tier-1 resources, identifying opportunities for process improvements, developing security automation solutions, and maintaining key security systems like Splunk, Swimlane, and Sentinel.

Key Responsibilities

Incident Investigation and Mitigation
Perform in-depth investigation and mitigations using existing IT security tools.
Participate in major incident response (IR) activities, coordinating with internal and external resources.
Security Ticket Management
Open, triage, track, and close security tickets.
Engage with Tier-1 resources and security teams as necessary to resolve incidents.
Process Improvement
Identify and document opportunities for improvement in SOC processes and procedures.
Recommend and develop security automation solutions for Tier-1 tasks.
Automation and Scripting
Collaborate with the automation team to automate repetitive tasks using Ansible, Shell, and Python.
Contribute code to Git repositories (GitLab basics) and document changes in Markdown/Confluence.
Threat Hunting
Conduct threat hunting activities when requested, identifying potential threats and vulnerabilities.
Documentation and Change Management
Ensure updates to runbook/playbook documentation and other relevant documentation in accordance with change management standards.
Coordinate with the SOC Lead and escalate to Tier-3 and/or SOC Lead when necessary.
Infrastructure Management
Perform Splunk infrastructure monitoring and ensure service continuity.
Manage and maintain current Splunk, Swimlane, and Sentinel infrastructure.
Plan, test, and execute OS patching, upgrades, and rollouts for Splunk and Swimlane.
Manage filesystems/mounts and perform backup/restore of data repositories.
Capacity Planning and Resource Management
Conduct capacity planning and resource management to ensure optimal performance of security systems.
Technical Skills

Skills and Certifications Required:

Strong knowledge of IT security tools and incident response techniques.
Proficiency in using and managing SIEM platforms (e.g., Splunk), SOAR platforms (e.g., Swimlane), and cloud-based security solutions (e.g., Sentinel).
Experience with automation and scripting using Ansible, Shell, and Python.
Familiarity with GitLab for code contribution and version control.
Knowledge of backup/restore processes and infrastructure management.

Soft Skills

Excellent analytical and problem-solving abilities.
Strong communication and collaboration skills.
Ability to work effectively under pressure and manage multiple tasks simultaneously.
Strong organizational and time-management skills.

Certifications

Certified Information Systems Security Professional (CISSP) – Preferred
Certified Ethical Hacker (CEH)
GIAC Certified Incident Handler (GCIH)
CompTIA Security+ – Mandatory
Splunk Enterprise Certified Admin/Architect – Preferred
Swimlane Certified SOAR Administrator/Developer – Preferred

Experience

Minimum of 3-6 years of experience in a SOC environment, with a focus on incident response, threat hunting, and infrastructure management.
Proven experience in developing and implementing security automation solutions.
Hands-on experience with Splunk, Swimlane, and Sentinel platforms.

Education

Bachelor’s degree in Computer Science, Information Security, or a related field.

Additional Requirements

Ability to stay updated with the latest cybersecurity trends and technologies.
Willingness to work in a fast-paced, dynamic environment.
Strong commitment to continuous learning and professional development.
Willingness to work in shifts to ensure 24/7 coverage.