Remotery

SOC Analyst - Level 2

Posted May 20

This is a fully remote position, open to applicants in Pakistan.

📋 Description

• Conduct advanced triage of alerts escalated from Level 1, discerning true positives from false positives.

• Investigate security incidents across endpoint, identity, network, and cloud telemetry.

• Correlate events and map adversary actions to the MITRE ATT&CK framework while enhancing findings with pertinent threat intelligence context.

• Implement or coordinate containment measures such as host isolation (EDR), account disabling (Entra ID / IAM), and blocking indicators like IPs, domains, or hashes.

• Collaborate with Incident Response teams on high-severity or multi-system incidents, documenting actions, timelines, and evidence with a clear chain of reasoning.

• Perform hypothesis-driven threat hunting across endpoint, identity, and cloud datasets, especially during evening shifts and on rotation.

• Offer constructive feedback to Detection Engineering regarding false positives, detection gaps, and opportunities for tuning.


⛳️ Requirements

• 2–5 years of experience in a SOC, Incident Response, or a comparable hands-on blue team role.

• Proven experience managing real security incidents from start to finish, with a solid grasp of SOC workflows, escalation pathways, and on-shift discipline.

• Strong understanding of cybersecurity principles, including endpoint, network, identity, and cloud security.

• Well-versed in MITRE ATT&CK and its practical application in investigations.

• Hands-on experience with at least one modern SIEM (Microsoft Sentinel, Elastic SIEM, OpenSearch, or similar) and at least one EDR solution (Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, or similar).

• Familiarity with identity and cloud telemetry (Entra ID, Office 365, AWS/Azure logs).

• Proficiency in KQL is essential; knowledge of additional query languages such as SPL or OpenSearch DQL is a bonus.

• Basic scripting skills in Python or PowerShell for automation and data enrichment.

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent practical experience).

• Certifications such as BTL1, CySA+, GCIH, Microsoft SC-200, or CompTIA Security+ are advantageous.


🏝️ Benefits

• Flexible working hours

• Professional development opportunities
