
Security Analyst – SOC Operations (Level 2)

XAD Technologies

Abu Dhabi

On-site

AED 120,000 - 200,000

Full time

6 days ago

Job summary

A cybersecurity solutions provider in the UAE is seeking a Security Analyst specializing in SOC Operations to oversee advanced incident monitoring and response. This pivotal role requires in-depth analysis of security incidents, implementing security controls, and maintaining the integrity of 4G/5G networks. Candidates should have a Bachelor’s degree in Computer Science, proven experience with security tools, and strong analytical skills to effectively respond to diverse cybersecurity threats.

Qualifications

  • Strong understanding of TCP/IP and OSI model.
  • Hands-on experience with security tools and principles.
  • Experience in 4G/5G security operations.

Responsibilities

  • Conduct detailed analysis of security incidents.
  • Perform root cause analysis and investigations.
  • Respond to and remediate security incidents.

Skills

Advanced incident analysis
Security tool proficiency (SIEM, SOAR, IDS/IPS)
Malware analysis
Strong analytical skills
Problem-solving
Documentation
Communication skills

Education

Bachelor's degree in Computer Science or Information Security

Tools

Splunk
Microsoft Sentinel

Job description

The Role

The Security Analyst – SOC Operations (Level 2) is responsible for advanced monitoring, investigation, and response to cybersecurity incidents within a Private 5G Security Operations Center. This role performs in-depth analysis of incidents escalated from Level 1, leads root cause investigations, and supports the continuous security and resilience of 4G/5G RAN and Core networks. The position plays a critical role in strengthening detection capabilities, improving response processes, and ensuring uninterrupted and secure network operations.

Duties and Responsibilities

  • Conduct detailed analysis of security incidents escalated by L1 SOC analysts.
  • Perform root cause analysis and advanced investigations to determine scope, impact, and threat vectors.
  • Respond to, contain, and remediate security incidents while minimizing operational and service impact.
  • Utilize advanced security tools and techniques to analyze, investigate, and mitigate threats.
  • Collaborate with internal and external teams to implement corrective and preventive security controls.
  • Document incident findings, actions taken, and lessons learned in accordance with SOC procedures.
  • Provide recommendations for improving incident response playbooks and 5G-specific security procedures.
  • Maintain strong working knowledge of 4G/5G protocols, signaling flows, and architectures for RAN and Core.
  • Provide technical guidance, mentoring, and on-the-job training to L1 SOC analysts.
  • Monitor evolving threat landscapes, vulnerabilities, and technologies impacting 5G environments.
  • Support and maintain the 5G SOC operations lab.
  • Ensure the ongoing integrity, availability, and security of 5G RAN and Core network environments.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related discipline.
  • Strong understanding of TCP/IP, the OSI seven-layer model, and diverse network architectures.
  • Strong knowledge of cybersecurity principles and 4G/5G technologies.
  • Hands-on experience with security tools including SIEM, SOAR, IDS/IPS, and forensic analysis tools.
  • Proven ability to conduct advanced investigations, including malware analysis and threat containment.
  • Experience working in 4G/5G Security Operations environments.
  • Experience in ISP or telecom environments is a strong advantage.
  • Hands-on experience with Splunk and Microsoft Sentinel.
  • Experience across IT and OT environments.
  • Strong analytical, problem-solving, documentation, and communication skills.
  • Ability to work under pressure and respond effectively to security incidents.
  • Industry certifications are preferred, including CompTIA Security+, CSA, CCNA CyberOps, CySA+, GCIH, BTL1, MITRE ATT&CK Defender (MAD), and Splunk / Microsoft Sentinel certifications.
