SOC Analyst L2

9 hours, 31 minutes ago
Full-time
Mid Level
Cybersecurity
CallTek

CallTek provides Technology as a Service (TaaS) solutions, offering support services that empower technology operators and service providers to enhance their operations with comprehensive infrastructure, procurement, and lifecycle support tailored to v...

Internet Software & Services
51-250
Founded 2004

Description

  • Lead in-depth investigations of escalated cases from L1, including hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building.
  • Correlate telemetry across endpoint, Windows/Linux, Active Directory, firewall, proxy, DNS, IDS, and cloud logs when applicable.
  • Recommend and coordinate containment actions such as host isolation, credential resets, IOC blocks, and temporary control changes under change control and governance.
  • Determine incident severity and communicate findings clearly to technical stakeholders and executive audiences in English.
  • Identify detection gaps and improve detections by reducing false positives, closing false negatives, and proposing new rules and use cases.
  • Ensure evidence integrity and maintain proper documentation throughout investigations and handoffs.
  • Coordinate incident handoffs and collaboration with IR, IT Ops, Network, and Cloud teams.
  • Produce post-incident deliverables including probable root cause, lessons learned, and preventive actions.

Requirements

  • 2–5 years of experience in SOC, IR, Blue Team, or equivalent incident-handling work.
  • Solid networking fundamentals, including TCP/IP, DNS, HTTP/S, VPN, and NAT.
  • Experience with EDR investigations, including process trees, persistence, LOLBin behavior, and containment workflows.
  • Experience triaging Windows and Active Directory activity, including authentication patterns and suspicious logons.
  • Experience with Linux triage and analysis.
  • Experience analyzing network security controls and logs from firewall, IDS, proxy, and DNS tools.
  • Ability to produce defensible scoping and timelines based on evidence.
  • High documentation standards and the ability to perform under pressure.
  • Threat hunting experience and familiarity with MITRE ATT&CK mapping.
  • Exposure to detection engineering, including Sigma/YARA at a basic or intermediate level, use-case design, and SIEM correlation strategy.
  • Basic forensics knowledge, including acquisition concepts, triage artifacts, and memory/disk fundamentals.
  • Blue Team or incident response certifications such as GCIH, GCIA, BTL2, or SC-200 are preferred.
  • Strong spoken and written English at B2-High/C1 level, with the ability to lead technical calls and write incident summaries.
