Tier 2 SOC Analyst

NCC Group

United Kingdom

Remote

GBP 30,000 - 50,000

Full time

6 days ago
Job summary

A leading cybersecurity organization is seeking an R2 Analyst to boost their Security Operations Centre. The successful candidate will engage in threat monitoring, incident response, and customer service while collaborating with experienced analysts. This role requires foundational technical skills, with opportunities for continuous learning and professional development.

Qualifications

  • Proficient in analyzing security alerts and potential threats.
  • Knowledge of MITRE ATT&CK framework essential.
  • Experience with SIEM and EDR platforms required.

Responsibilities

  • Monitor SOAR platform for logs and anomalies.
  • Provide incident remediation and prevention strategies.
  • Compile service reports for effective communication.

Skills

Threat Detection
Incident Response
Analytical Thinking
Customer Service
Network Protocols
Technical Documentation
Collaboration

Education

CompTIA Network+
CompTIA Security+
CompTIA CySA+
Microsoft SC-200

Tools

Splunk
Microsoft Defender for Endpoint
Wireshark

Job description

The R2 Analyst plays a vital role in the Security Operations Centre (SOC), contributing to the organization's overall cybersecurity posture by actively participating in monitoring, analysis, and response to security incidents and events. With a focus on continuous learning and collaboration, the R2 Analyst supports the SOC team in identifying, assessing, and mitigating potential security threats and vulnerabilities. Through foundational technical skills and a detail-oriented approach, the R2 Analyst helps safeguard the organization's critical systems, data, and assets from cyber risks.

By working closely with senior analysts and leveraging emerging technologies, the R2 Analyst helps maintain a vigilant and proactive defense against evolving cyber threats, enabling the organization to operate securely and confidently.

Key Accountabilities:
  1. Threat Detection and Monitoring:
    • Monitor the SOAR platform for EDR Logs, SIEM Logs, IDS Logs, and Managed Intelligence sources.
    • Identify potential threats, vulnerabilities, and indicators of compromise.
    • Initiate escalation procedures to counteract potential threats and vulnerabilities.
    • Analyze and interpret threat intelligence feeds and implement protective measures accordingly.
  2. Incident Remediation and Documentation:
    • Provide incident remediation and prevention recommendations to customers using established procedures and analyst experience.
    • Document and adhere to security monitoring processes.
    • Implement preventative measures such as domain blocking, host isolation, and file hash blacklisting.
  3. Customer Service and Escalation:
    • Deliver exceptional customer service to exceed expectations.
    • Serve as an escalation point for junior and R1 team members, offering assistance and mentorship.
    • Contribute to security documentation, including incident response playbooks, SOPs, and knowledge base articles.
  4. Reporting and Continuous Improvement:
    • Compile and review service reports for effective communication.
    • Maintain security documentation, including incident response playbooks, SOPs, and knowledge base articles.
  5. Threat Analysis and Collaboration:
    • Contribute insights to security incident analysis.
    • Maintain relationships with Analytic Development and Security Engineering teams.
    • Collaborate with shift partners to provide high-quality service.
  6. General Duties:
    • Perform additional duties as required.
    • Adapt quickly to new security tools, technologies, and processes.
    • Demonstrate strong analytical and problem-solving skills.
    • Communicate effectively, both written and verbal.
    • Work collaboratively within the team.
    • Stay updated on emerging threats and APT groups.
  7. Network and OS Knowledge:
    • Understand common network protocols and tools.
    • Analyze PCAP files and network traffic.
    • Proficient in Windows, Linux, and MacOS.
    • Document technical and customer-facing information accurately.
  8. Incident Analysis and Response:
    • Knowledge of MITRE ATT&CK framework.
    • Perform in-depth analysis of security alerts.
    • Assess customer impact and work with senior analysts for resolution.
    • Coordinate with CIRT for active compromises.
    • Interpret threat priority against the cyber kill chain.
    • Provide mitigation and remediation steps.
  9. Tooling:
    • Experience with SIEM platforms like Splunk, Sentinel, Swimlane.
    • Knowledge of EDR solutions such as Defender for Endpoint and Carbon Black.
    • Proficiency with network analysis tools like Wireshark.
  10. Desirable Certifications:
    • CompTIA Network+
    • CompTIA Security+
    • CompTIA CySA+
    • Microsoft SC-200
  11. Behaviours:
    • Client-focused, collaborative, adds value, enables and empowers, takes personal responsibility, communicates openly and respectfully, embraces an open mindset, seeks growth, demonstrates analytical thinking, collaborates effectively, is proactive, committed to continuous learning, customer-centric, problem-solves, adaptable.