
SOC Level 2/3 Analyst
SOC Level 2/3 Analyst - Remote
Cybersecon Technologies is expanding its Security Operations Centre (SOC) and is looking for three experienced SOC Level 2/3 Analysts. This remote position offers a significant opportunity to contribute to advanced cybersecurity efforts.
About the Role
As a SOC Level 2/3 Analyst, you will be instrumental in leading complex incident investigations, performing advanced threat analysis and hunting using Microsoft Sentinel and Defender XDR, and conducting digital forensics. Your role will involve driving continuous improvement in detection and response capabilities, mentoring junior analysts, refining detection engineering, and ensuring the organization's security posture remains resilient against sophisticated and evolving threats.
Key Responsibilities
Incident Response & Investigation
- Receive and independently investigate escalated incidents from Level 1 analysts, performing thorough root cause analysis with Microsoft Sentinel and Defender XDR tools.
- Lead end-to-end incident response activities, including containment, eradication, recovery, and post-incident reviews.
- Conduct deep-dive log analysis using advanced KQL queries across Sentinel workspaces, Defender for Endpoint advanced hunting, and Microsoft 365 Unified Audit Logs.
- Utilize the Microsoft Defender XDR attack story and incident graph to reconstruct comprehensive attack timelines across endpoints, identities, email, and cloud applications.
- Collaborate with IT, infrastructure, and business stakeholders during active incident response, adhering to defined escalation and communication protocols.
- Produce high-quality incident reports tailored for both technical and executive audiences.
Threat Hunting & Intelligence
- Proactively conduct threat hunts using Microsoft Sentinel hunting queries and Defender XDR advanced hunting (KQL) informed by threat intelligence and MITRE ATT&CK TTPs.
- Leverage Microsoft Threat Intelligence, Defender Threat Analytics, and Microsoft Sentinel Fusion rules to identify emerging threats and attack patterns relevant to the organization.
- Hunt for threats across all Defender XDR data sources: endpoints (MDE), identities (MDI), email (MDO), and cloud applications (MDA).
- Develop, maintain, and share a library of reusable KQL hunting queries for the SOC team.
Digital Forensics & Malware Analysis
- Conduct host-based forensic investigations using Defender for Endpoint's live response capability, device timeline, and telemetry data.
- Perform memory and disk forensics using offline tooling (e.g., Volatility, Autopsy) when Defender for Endpoint live response is insufficient.
- Conduct static and dynamic malware analysis to understand threat capabilities and extract indicators of compromise (IoCs) for ingestion into Sentinel and Defender.
- Manage and submit suspicious files and indicators via Microsoft Defender for Endpoint's submission portal and custom detection rules.
Detection Engineering & SOC Improvement
- Develop, tune, and maintain Microsoft Sentinel analytics rules (KQL-based scheduled and NRT rules) to minimize false positives and enhance detection accuracy.
- Build and maintain Microsoft Sentinel automation rules and Playbooks (Azure Logic Apps) for automated enrichment, notification, and response actions.
- Design and maintain Microsoft Sentinel workbooks for SOC operational dashboards and management reporting.
- Assess and optimize data connector coverage, ensuring critical log sources are ingested into Sentinel and log retention meets compliance standards.
- Manage and continuously improve Defender XDR configurations: attack surface reduction (ASR) rules, endpoint detection policies, and Defender for Identity sensor coverage.
- Identify and close detection gaps by mapping current Sentinel analytics coverage against the MITRE ATT&CK framework.
Mentoring & Leadership
- Provide technical guidance and day-to-day mentoring to Level 1 analysts on Sentinel, Defender XDR, and investigative methodologies.
- Conduct quality reviews of Level 1 incident tickets and triage decisions.
- Assist in the onboarding and training of new SOC team members, including developing internal training materials for the Microsoft security stack.
- Serve as an escalation point and technical authority during high-severity incidents.
Key Technical Requirements
- Advanced proficiency in KQL for investigation, detection rule development, and threat hunting within Microsoft Sentinel and Defender XDR advanced hunting.
- Strong hands-on experience with Microsoft Sentinel: analytics rules, workbooks, automation (Logic Apps/Playbooks), data connectors, and UEBA.
- Deep working knowledge of the full Microsoft Defender XDR suite, including:
  - Microsoft Defender for Endpoint (MDE): endpoint detection, live response, attack surface reduction, device isolation, and vulnerability management.
  - Microsoft Defender for Identity (MDI): lateral movement detection, identity-based threat alerts, and Active Directory telemetry.
  - Microsoft Defender for Office 365 (MDO): email threat investigation, phishing analysis, and policy management.
  - Microsoft Defender for Cloud Apps (MDA): cloud app anomaly detection, shadow IT, and session policy enforcement.
- Experience investigating identity-based attacks within Azure Active Directory (Entra ID) using Entra ID Protection and Sentinel sign-in log analysis.
- Familiarity with Microsoft Defender for Cloud for Azure workload protection and cloud security posture management (CSPM).
- Understanding of Microsoft Sentinel's MITRE ATT&CK coverage mapping and its application in detection engineering.
Required Qualifications & Experience
- Minimum 3–5 years of experience in a SOC, incident response, or cybersecurity analyst role.
- Demonstrable hands-on experience with Microsoft Sentinel and at least two Defender XDR workloads in a production environment.
- Proven ability to write, tune, and optimize KQL queries for detection and hunting.
- Strong understanding of attacker TTPs and the MITRE ATT&CK framework, with experience mapping detections to techniques.
- Solid networking knowledge (TCP/IP, DNS, HTTP/S) and ability to analyze network telemetry.
- Experience with incident response processes (containment, eradication, post-incident review).
- Excellent analytical thinking, written reporting, and verbal communication skills.
Preferred Qualifications
- Microsoft Certified: Security Operations Analyst Associate (SC-200) - highly desirable.
- Microsoft Certified: Identity and Access Administrator (SC-300).
- Microsoft Certified: Azure Security Engineer Associate (AZ-500).
- GIAC certifications (GCIH, GCIA, GCFE, or GCFA).
- Experience with Microsoft Sentinel SOAR automation and Azure Logic Apps development.
- Experience with Microsoft Sentinel Content Hub solutions and custom content deployment.
- Familiarity with Microsoft Purview for data classification and insider threat investigations.
- Exposure to relevant compliance and regulatory frameworks (e.g., ISO 27001, NIST, Essential Eight, PCI-DSS).
- Scripting experience in Python or PowerShell.
Preferred: Candidates available to join immediately or within 15 days.