SOC Analyst L2

Client of emploipartner

Advanced monitoring and detection:

• Monitor and utilize alerts from security tools (SIEM, EDR, NDR, Firewall, sandbox, etc.).
• Ensure the quality and relevance of the reported events (logs, correlation, use cases).
• Identify detection gaps and propose improvements.

Analyse & investigation

• Conduct thorough investigations into security incidents.
• Analyze suspicious behavior and identify attack techniques (TTP).
• Correlate multi-source events to reconstruct attack chains.
• Perform detailed analyses (full timeline, pivoting, IOC/IOA).
• Validate or invalidate alerts raised by L1 analysts.

Incident Response

• Manage level 2 security incidents.
• Define and recommend appropriate remediation actions.
• Supporting technical teams in resolving incidents.
• Escalate critical incidents to L3 or SOC manager.

Threat Intelligence & Threat Hunting

• Leveraging Threat Intelligence sources to enrich analyses.
• Participate in Threat Hunting activities (proactive threat search).
• Identify new indicators of compromise (IOCs) and attack scenarios.
• Monitor the evolution of threats and adapt detection capabilities.

Continuous improvement

• Actively participate in the tuning of SIEM rules (reduction of false positives, improvement of detection).
• Develop and optimize detection use cases.
• Contribute to the writing and improvement of SOC playbooks.
• Propose areas for improvement in SOC processes and tools.

Coordination & support

• Provide technical support to L1 analysts.
• Participate in handovers and incident coordination.
• Collaborating with IT teams (network, systems, cloud, dev).
• Contribute to the upskilling of teams (knowledge sharing).

Reporting

• Document investigations and incidents in detail.
• Produce clear and actionable incident reports.
• Ensure full traceability of actions performed.