- Perform in-depth analysis of security incidents and escalate as necessary.
- Further investigate escalated security tickets from L1 and incidents related to IaaS, PaaS, and SaaS services. SOC Level 2 Analyst
- Monitor and assess security alerts and incidents to identify potential threats.
- Classify security incidents by category and severity and declare incidents.
- Collect and document digital evidence for forensic analysis and reporting.
- Monitor Security Analyst performance by investigating incoming events and ensuring quality detection.
- Provide detailed incident reports to management and the Incident Response (IR) team.
- Escalate or deescalate incidents to IR based on impact and severity.
- Collaborate with IR to contain, investigate, and remediate security incidents.
- Monitor SOC event intake, including ticket queues, intelligence reports, and interactions with external security groups.
- Manage full incident lifecycle and follow up with the responsible orchestrator.
- Ensure SOC event handling is timely and aligned with reporting metrics.
- Approve and, if necessary, further investigate Security Analyst- escalated events.
- Serve as the detection authority for initial incident declaration.
- Drive and monitor shift-related metrics, ensuring applicable reporting is gathered and disseminated per SOC requirements.
- Conduct security research on emerging threats and exploits to enhance SOC capabilities.
- Gather and analyze threat intelligence reports to improve detection and response.
- Mentor and guide junior SOC analysts to improve detection and response skills.
- Function as shift subject-matter experts (SMEs) on incident detection and analysis techniques.
- Serve as a backup analyst for coverage gaps to ensure business continuity.
- Support in developing use case logic for new detections or reducing false positives and report to the Implementation team for deployment.
- Collaborate with IR and SIEM Admin teams to develop and refine detection rules in security solutions (e.g., EDR, SIEM).
- Develop SOC reports based on customer requirements to enhance visibility and response efficiency.
- Review current playbooks, processes, and procedures, provide recommendations, and modify them as needed to adhere to best practices.
- L2 should have the ability to support L1 or L3 in their roles as needed, including but not limited to closing alerts, performing initial triage, conducting forensic analysis, or executing threat hunts as required.
- Actively participate in all SOC-related projects, contributing to enhancements in security operations, processes, and technologies.
- Actively participate in all major Cybersecurity incident’s meeting with vendors and stakeholders, contributing to enhancements in security operations investigation and mitigation.
Experience: 3 to 7 Years Location: New Cairo