SOC Analyst - Level 2
The Senior SOC Analyst (SOC Analyst II / L2) plays a critical role in monitoring, detecting, and responding to security threats across the company’s environments. As part of the Security Operations Center (SOC), you will perform real-time threat analysis, lead deeper investigations, and manage security alerts to protect both corporate and customer assets. This role reports to the SOC Manager and supports a 24x5 rotation under a flexible hybrid working arrangement. The position focuses on advanced log review, incident response support, detection improvement, and the creation of dashboards and reporting to strengthen SOC effectiveness. The responsibilities of the SOC Analyst II do not replace those of the SOC Analyst I; rather, they extend the role with additional ownership across investigation, reporting, and continuous improvement activities.
Key Responsibilities:
We expect this role to bring a clear contribution area in at least one of the following: Microsoft Sentinel (detection engineering), Incident Response, or Threat Hunting, and be able to share examples of their contribution.
- Monitor and investigate security alerts across SIEM/XDR and related security platforms (e.g., Microsoft Sentinel and Microsoft Defender XDR).
- Perform advanced triage and analysis by correlating logs, building incident timelines, and scoping impact across users, devices, and cloud activity.
- Own incident investigations through to resolution by coordinating containment and remediation actions, and escalating appropriately based on severity and risk.
- Respond to common threats including phishing, account compromise/suspicious sign-ins, malware, and endpoint detections impacting employees and corporate assets.
- Support incident response activities by gathering evidence, documenting findings, and contributing to post-incident reviews and lessons learned.
- Implement and fine-tune detection rules and alert logic to improve signal quality and reduce false positives.
- Maintain and enhance SOC playbooks/runbooks and recommend improvements based on observed attack patterns and operational trends.
- Produce clear reports, dashboards, and investigation summaries for stakeholders, ensuring accurate and timely communication.
- Collaborate closely with SOC colleagues and partner teams (Ops, Service Desk, Infrastructure) to drive incident resolution.
- Work effectively within a 24x5 shift rota and maintain strong operational discipline, documentation standards, and service quality.
Required Qualifications – Skills & Experience:
- Bachelor’s degree in Cyber Security, Information Technology, or a related discipline (or equivalent hands-on experience).
- 3+ years’ experience in a SOC, Incident Response, or Cybersecurity Operations role.
- Practical experience working with Microsoft security technologies, including Microsoft Sentinel, Microsoft Defender for Endpoint, and broader Microsoft Defender XDR / Microsoft security suite tooling.
- Strong working knowledge of incident triage and investigation, including alert validation, log analysis, containment support, and escalation practices.
- Comfortable producing clear technical documentation, investigation summaries, and operational reports.
Certifications (Preferred / Advantageous)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- CompTIA Cybersecurity Analyst (CySA+) or equivalent SOC/IR certification
About the job
Contract Type: Perm
Specialism: Human Resources
Focus: Recruitment & Staffing
Industry: IT
Salary: Negotiable
Workplace Type: Hybrid
Experience Level: Associate
Location: Makati
Employment Type: Full time
Job Reference: 7947
Date posted: 4 March 2026
Consultant: Via Banlaolay