ZainTECH (zaintech.com)

SOC Analyst - Tier 2 (Managed SOC)

Amman, Jordan | Full-time | Posted 20h ago

The SOC Analyst - Tier 2 is responsible for advanced security monitoring, incident investigation, threat analysis, and detection engineering activities within ZainTECH’s Security Operations Center (SOC). The role serves as the primary escalation point for security incidents identified by L1 analysts and plays a critical role in validating threats, conducting investigations, and supporting incident response activities across enterprise, government, and critical infrastructure environments.

Responsibilities:

Security Monitoring & Incident Investigation 

  • Investigate and analyze security incidents escalated by SOC L1 analysts. 
  • Validate security events and determine scope, impact, severity, and business risk. 
  • Perform advanced correlation and analysis of logs, alerts, network activity, endpoint telemetry, and threat intelligence. 
  • Conduct root cause analysis of security incidents and identify indicators of compromise (IOCs). 
  • Support incident containment, eradication, and recovery activities. 
  • Escalate incidents requiring specialized investigation or incident response support. 

Threat Detection & Threat Hunting 

  • Perform proactive threat hunting activities to identify malicious activity that may bypass automated controls. 
  • Utilize threat intelligence sources to identify emerging threats and attacker tactics. 
  • Analyze attack patterns, indicators, and behaviors associated with malware, ransomware, insider threats, and Advanced Persistent Threats (APTs).
  • Identify opportunities to improve detection coverage across monitored environments. 

SIEM & Detection Engineering 

  • Develop, tune, and optimize SIEM use cases and correlation rules. 
  • Support creation and maintenance of detection logic, dashboards, reports, alerts, and monitoring workflows.
  • Reduce false positives through tuning and rule optimization. 
  • Support onboarding and integration of new log sources. 

Incident Management & Reporting 

  • Maintain detailed incident records and investigation documentation. 
  • Prepare technical analysis and incident reports. 
  • Support operational metrics, reporting, and service reviews. 
  • Ensure incident handling activities comply with established procedures and SLAs. 

Technical Leadership & Knowledge Transfer 

  • Provide guidance and mentoring to L1 SOC Analysts. 
  • Support analyst development through coaching and technical knowledge sharing. 
  • Participate in continuous improvement initiatives and SOC maturity programs. 
  • Contribute to process, playbook, and procedure development. 

Our Culture & Code of Conduct:

At ZainTECH, we take pride in a culture built on collaboration, innovation, and uncompromising integrity. We are looking for individuals who share these values and are committed to customer-centricity and ethical excellence. All employees are expected to uphold our Code of Conduct, which serves as a guiding framework for responsible behavior across everything we do — from how we work with each other to how we engage with clients and partners globally.

Requirements

  • Bachelor's degree or intermediate diploma (minimum) from a recognised institution.
  • Minimum 2 years' experience in managed cybersecurity / SOC operations at an investigative level.
  • At least one valid NCSC-approved SOC certification (e.g. CSA, GSOC, GIAC, GCIA, CTIA) or another equivalent certification in the same field that is approved by the NCSC.
  • Strong skills in SIEM investigation, detection-rule development, log and network analysis, and use-case tuning.