We are seeking a skilled and proactive Tier 2 Security Operations Centre (SOC) Analyst to play a critical role in our 24x7 Security Operations Centre.
As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. You’ll take ownership of more complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures.
This is an excellent opportunity for an experienced security analyst ready to take the next step — with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands‑on environment.
Key responsibilities for this role may include:
Incident Detection & Response:
Lead the triage, investigation, and classification of security events using SIEM and other tooling
Take ownership of end‑to‑end handling of medium to high‑severity incidents, coordinating containment and remediation efforts
Maintain detailed incident records, including timelines, impact assessments, root cause analysis, and mitigation steps
Act as an escalation point for Tier 1 analysts, guiding initial response actions and validating escalations
Threat Intelligence and Analysis:
Perform in‑depth analysis of suspicious activity, identifying indicators of compromise and attribution patterns
Lead threat intelligence sharing within the organisation and with external partners
Mentor Tier 1 staff in interpreting threat data and logs during investigations
Security Monitoring and Detection Engineering:
Conduct continuous security monitoring of network traffic, endpoints, and critical systems
Proactively tune and improve SIEM rules, alerts, and correlation logic to reduce false positives and increase detection fidelity
Support onboarding of new data sources into SIEM and help define parsing, enrichment, and correlation logic
Lead investigations into recurring false positives or noisy alerts and propose sustainable resolutions
Support deployment and configuration of security tooling
Compliance, Reporting and Documentation:
Lead security audits and assessments, providing evidence of SOC activities and controls
Maintain accurate records of all events handled, including triage notes and escalation details.
Lead the delivery of incident and vulnerability summaries to the management team and customers as part of Service Reviews or Security Working Groups
Lead post‑incident reviews and document lessons learned
Ensure compliance with industry standards, regulations, and internal security policies
Prepare and present regular reports and metrics on SOC operations and overall security posture
Vulnerability Management:
Coordinate and support risk‑based prioritisation of vulnerability remediation efforts
Support vulnerability lifecycle management, including exception handling, patch validation, and reporting
Provide vulnerability remediation guidance based on CVSS scores, threat context and business impacts
Collaboration and knowledge sharing:
Act as a technical mentor to Tier 1 analysts, supporting their development and escalation handling
Work closely with other IT teams (e.g., Network, Architecture, and Development teams) to identify and resolve security issues
Share insights, threat intelligence, and incident learnings to improve the overall security posture of the organization
As a T2 SOC Analyst, you will have:
- 1 to 5 years of hands‑on experience in a SOC or similar security operations role, with demonstrable exposure to alert triage, incident response, security monitoring, and threat analysis
- Experience handling real‑world security incidents and working with SIEM, EDR, or vulnerability management tools
- Candidates with strong practical experience through labs, home projects, certifications, or internships may also be considered if they can demonstrate applied knowledge at a Tier 2 level
- Bachelor’s degree in Computer Science, Information Security, Cyber Security or related field, or equivalent experience desirable.
- Any SIEM‑specific certification or vendor‑specific training.
- Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential.
