Role: Security Analyst (L2)- Threat Lead
Industry Type: IT Services & Consulting
Department: IT & Information Security
Employment Type: Full Time, Permanent
Role Category: IT Security
UG: Any Graduate
PG: Any Postgraduate
We are seeking a skilled Security Analyst (L2) to join our Security Operations Center (SOC). The ideal candidate will be responsible for monitoring, investigating, and responding to security alerts and incidents across enterprise environments. The role requires hands-on experience in threat analysis, incident investigation, log analysis, threat hunting, and security monitoring using SIEM and related security technologies.
Key Responsibilities
Monitor, analyze, and investigate security alerts generated from SIEM, UEBA, NDR, EDR, and other security monitoring platforms.
Perform detailed analysis of security events and incidents to determine scope, impact, root cause, and remediation requirements.
Validate and triage alerts escalated from L1 analysts, identifying false positives and genuine security threats.
Conduct threat hunting activities using indicators of compromise (IOCs), threat intelligence feeds, behavioral analytics, and anomaly detection techniques.
Investigate suspicious activities across network, endpoint, cloud, and user environments using security logs and telemetry data.
Analyze Windows, Linux, Active Directory, firewall, proxy, DNS, email, endpoint, and cloud security logs to identify malicious activity.
Utilize MITRE ATTCK framework and threat intelligence sources to map adversary behaviors and improve detection capabilities.
Document investigation findings, incident timelines, root cause analysis, and remediation recommendations.
Support incident response activities by collecting evidence, performing preliminary forensic analysis, and coordinating with L3 analysts and incident response teams.
Assist in developing and tuning SIEM correlation rules, use cases, detection content, and monitoring dashboards to improve threat detection effectiveness.
Participate in security monitoring reviews, threat-hunting exercises, and continuous improvement initiatives within the SOC.
Required Qualifications
Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum 4 years of experience in Security Operations Center (SOC), Security Monitoring, Threat Detection, or Incident Analysis roles.
Hands-on experience with enterprise SIEM platforms such as Splunk, IBM QRadar, Microsoft Sentinel, ArcSight, or LogRhythm.
Strong understanding of security monitoring, incident investigation, threat analysis, and log correlation techniques.
Knowledge of network protocols, TCP/IP, DNS, HTTP/S, firewalls, VPNs, and endpoint security technologies.
Experience analyzing Windows, Linux, Active Directory, cloud, and network security logs.
Familiarity with MITRE ATTCK framework, threat intelligence concepts, and cyber attack methodologies.
Basic understanding of digital forensics, malware analysis, and incident response processes.
Mandatory Certifications (Anyone)
CompTIA CySA+
CEH (Certified Ethical Hacker)
GCIH
GCIA
Blue Team Level 1 (BTL1)
Security+
Preferred Skills
SIEM Monitoring Analysis
Threat Hunting
Incident Investigation
Log Analysis
Threat Intelligence
MITRE ATTCK Framework
Windows Linux Security
Network Security Monitoring
EDR / XDR Platforms
Security Operations
Disclaimer: This job posting has been aggregated from external source. Role details, content, and availability are subject to change. Applicants are advised to confirm the latest information directly on the company website before applying.