Cybersecurity Jobs List logo
Cybersecurity Jobs List
  1. Home
  2. Jobs
  3. SOC Analyst
  4. SOC Analyst L2
CallTek logoCA
CallTekcalltekinc.com

SOC Analyst L2

Worldwide (Remote)Full-time1h ago

As a SOC Analyst L2, you will lead deeper investigations of escalated cases, confirm incidents, determine scope and impact, drive containment actions with internal teams, and produce high-quality technical communications and post-incident outputs. You will also contribute to detection improvement (tuning, new detections, playbook updates).

Responsibilities:

  • Take escalations from L1 and perform in-depth investigations: hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building.
  • Correlate telemetry across endpoint (EDR), Windows/Linux, AD, firewall/proxy/DNS/IDS, and (when applicable) cloud logs.
  • Recommend and/or coordinate containment actions (host isolation, credential resets, IOC blocks, temporary control changes) following change control and governance.
  • Determine severity and communicate clearly in English to technical stakeholders; provide concise executive-style updates when required.
  • Identify detection gaps and drive improvements: reduce false positives, close false negatives, propose new rules/use cases.
  • Ensure evidence integrity and proper documentation, coordinate handoffs with IR, IT Ops, Network, and Cloud teams.
  • Produce post-incident deliverables: probable root cause, lessons learned, and preventive actions.

Requirements

  • 2–5 years in SOC/IR/Blue Team (or equivalent demonstrated incident-handling experience). Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
  • EDR investigations (process trees, persistence, LOLBins behavior, containment workflows).
  • Windows/AD triage (authentication patterns, suspicious logon behavior, account activity) and Linux triage.
  • Network analysis and security controls (firewall/IDS/proxy/DNS), recognizing anomalous patterns.
  • Proven ability to produce defensible scoping and timelines based on evidence.
  • High documentation standards and the ability to perform under pressure.
  • Threat hunting experience and MITRE ATT&CK mapping.
  • Detection engineering exposure (Sigma/YARA at a basic/intermediate level), use-case design, and SIEM correlation strategy.
  • Basic forensics capabilities (acquisition concepts, triage artifacts, memory/disk fundamentals).
  • Certifications aligned to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).
  • Strong spoken and written English (B2-High/C1 preferred) — able to lead technical calls, write incident summaries, and investigation notes.

Categories

SOC Analyst
Incident Response
Security Operations
Cybersecurity
Threat Hunting

Skills

SOC
Incident Response
Blue Team
EDR
Active Directory
Windows
Linux
Firewall
IDS
DNS
Proxy
MITRE ATT&CK
Sigma
YARA
SIEM
Threat Hunting
Forensics
TCP/IP
Network Analysis
Detection Engineering