Sr Analyst

Job Summary

job Summary : The SOC Operations Analyst L2 is responsible for monitoring and analyzing security alerts using tools like Microsoft Sentinel. The role includes investigating incidents, identifying real threats, and supporting response and remediation activities. The analyst works on alerts escalated from L1, performs log analysis, and helps improve detection by fine-tuning rules. They also support threat hunting, automation, and maintain proper documentation and reports. This role requires good knowledge of SIEM tools, security logs, and common cyber threats, along with close coordination with internal security and IT teams.** Job Description :** Tools & Technologies\\r\\n\\r\\n \\r\\n\\r\\nEDR tools (Microsoft Defender, Crowd Strike, Carbon Black)\\r\\n\\r\\n Email security tools\\r\\n\\r\\n Vulnerability tools (Qualys, Nessus)\\r\\n\\r\\n \\r\\n\\r\\n Querying & Analysis\\r\\n\\r\\n \\r\\n\\r\\nKQL / SPL / Query languages\\r\\n\\r\\n Log correlation and pattern analysis\\r\\n\\r\\n \\r\\n\\r\\n Systems & Networking\\r\\n\\r\\n \\r\\n\\r\\n Networking basics (TCP/IP, DNS, HTTP, VPN)\\r\\n\\r\\n Windows & Linux fundamentals

Key Responsibilities

Job Responsibilities : Job Role: Sentinel (SOC operation analyst L2) Skill set: SOC operation L2 Job description: SOC analyst L2 Key Responsibilities 🔹 Threat Monitoring & Analysis Monitor security alerts from SIEM tools (Sentinel, Arc Sight, Splunk, QRadar) Perform in-depth analysis of escalated incidents (L1 → L2) Validate true positives and eliminate false positives 🔹 Incident Investigation & Response Conduct root cause analysis (RCA) for security incidents Perform log correlation across multiple sources (EDR, Firewall, AD, Cloud logs) Support incident containment and remediation actions 🔹 Use Case Tuning & Optimization Fine-tune SIEM correlation rules and alerts Reduce noise and improve detection accuracy Map detections to MITRE ATT&CK; framework 🔹 Threat Hunting (Proactive) Perform proactive threat hunting using SIEM, EDR, and threat intelligence Identify hidden or advanced threats not detected by rules Develop hypotheses-based hunting scenarios 🔹 Automation & Playbooks Support SOAR playbook execution (Sentinel Logic Apps, etc.) Assist in developing automation for repetitive tasks Integrate SIEM with ticketing systems (Service Now) 🔹 Reporting & Documentation Document incidents, findings, and recommendations Prepare incident reports, dashboards, and metrics Maintain SOPs, runbooks, and knowledge base 🔹 Collaboration Work closely with L1 analysts, L3 engineers, and IR teams Coordinate with IT teams for remediation actions Support audits and compliance activities Technical Skills Required Core Skills Hands-on experience with SIEM tools (Sentinel / Arc Sight / Splunk / QRadar) Strong understanding of logs: Windows Event Logs Syslog / Firewall logs Cloud logs (Azure/AWS/GCP) Detection & Security Knowledge MITRE ATT&CK; framework Cyber Kill Chain Threat vectors: phishing, malware, ransomware, insider threats

Skill Requirements

Skill Requirement : Core Skills Hands-on experience with SIEM tools (Sentinel / Arc Sight / Splunk / QRadar) Strong understanding of logs: Windows Event Logs Syslog / Firewall logs Cloud logs (Azure/AWS/GCP) Detection & Security Knowledge MITRE ATT&CK; framework Cyber Kill Chain Threat vectors: phishing, malware, ransomware, insider threats

Other Requirements

Other Requirement : Tools & Technologies EDR tools (Microsoft Defender, Crowd Strike, Carbon Black) Email security tools Vulnerability tools (Qualys, Nessus) Querying & Analysis KQL / SPL / Query languages Log correlation and pattern analysis Systems & Networking Networking basics (TCP/IP, DNS, HTTP, VPN) Windows & Linux fundamentals