About the job L2 Incident Response Analyst

Key Responsibilities

  • Perform deep-dive analysis on escalated alerts: correlate logs (SIEM), network traffic, endpoint (EDR), and threat intelligence
  • Confirm scope, severity, and root cause; classify based on NIST/ISO 27035 guidelines
  • Lead containment, eradication, and recovery steps (e.g., isolate endpoints, revoke credentials)
  • Coordinate incident response war rooms and liaise with L1, L3, and business stakeholders
  • Conduct post-incident reviews; document timelines, evidence, and lessons learned
  • Recommend preventive controls and SOC improvements (playbook updates, SIEM rule tuning)
  • Analyze Red Team findings, incorporate into IR playbooks, escalations, and detection logic
  • Support tuning of SIEM (Sentinel preferred), EDR, and alerting thresholds
  • Participate in cyber drills, tabletop exercises, and metrics review to enhance SOC maturity
  • Maintain incident tickets and generate comprehensive incident reports including timeline, impact, root cause, and recommended mitigation

Person Specifications

  • 3–5 years in security operations, incident response, or SOC Analyst roles
  • Bachelor's degree in Cybersecurity, Computer Science, or a related field
  • Certifications: GCIH, GCFA, GREM, CEH preferred
  • Hands-on experience with SIEM tools (Microsoft Sentinel strongly preferred; Splunk, QRadar)
  • Practical knowledge of EDR technologies, threat intelligence platforms, packet analysis, and forensic tools
  • Experience working with Red Team or penetration test findings in strengthening SOC defenses
  • Solid understanding of incident response lifecycle, threat actor tactics, and detection frameworks like MITRE ATT&CK
  • Proficiency in log analysis, endpoint forensics, packet analysis (e.g., Wireshark), and IOC extraction
  • Familiarity with IR frameworks and compliance standards (NIST, ISO 27035, GDPR/PDPA)
  • Strong communication skills; capable of leading incident discussions and coordinating with diverse teams

Nice to have

  • Scripting skills (Python, PowerShell) for automation and data analysis
  • Threat hunting experience, including analyzing Red Team reports to drive SOC enhancements
  • Exposure to SOAR tools, vulnerability management, and cloud-native IR in Azure/AWS environments
  • ITIL, ITSM, or incident management experience