Technical Leadership and Incident Handling
- Act as the primary escalation point for Level 1 analysts on complex security events and potential incidents.
 
- Perform in-depth investigation and analysis of security alerts using SIEM, EDR and other security tools.
 
- Lead the response to confirmed security incidents, including containment, eradication, and recovery efforts.
 
- Conduct advanced threat hunting to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that evade traditional detection methods.
 
- Perform detailed analysis of malware and attacker tools.
 
- Provide daily guidance, supervision, and technical direction to a team of Level 1 SOC Analysts.
 
- Develop and execute a formal training and mentorship program to develop Level 1 analysts into proficient Level 2 analysts.
 
- Work with the team lead to create and review shift schedules to ensure 24/7 coverage.
 
- Foster a collaborative, knowledge‑sharing, and high‑performance team culture.
 
- Conduct regular performance reviews and provide constructive feedback.
 
Process Improvement & Documentation
- Develop, refine, and document SOC standard operating procedures (SOPs), playbooks, and runbooks for alert triage and incident response.
 
- Analyze alert trends and false positives to provide feedback for tuning SIEM rules, use cases, and correlation logic.
 
- Assist the SOC Manager in evaluating new security technologies and tools.
 
- Contribute to the creation of detailed incident reports for management and clients.
 
Required Qualifications & Skills
Experience: 5+ years of experience in a cybersecurity operations role, with at least 2 years in a senior or escalation analyst (Level 2) position.
Leadership: Proven experience mentoring, coaching, or leading junior security personnel.
Technical Proficiency:
- Deep understanding of network protocols, traffic analysis, and network‑based attacks.
 
- Strong knowledge of operating systems (Windows, Linux) and their internals.
 
- Hands‑on experience with SIEM platforms (e.g., NetWitness & DEVO).
 
- Proficient with EDR tools (e.g., Trend Micro, CrowdStrike, Microsoft Defender for Endpoint).
 
- Solid understanding of the Cyber Kill Chain, MITRE ATT&CK framework, and incident response lifecycle.
 
Analytical Skills: Exceptional problem‑solving and critical‑thinking skills with the ability to analyze complex data from multiple sources.
Communication: Excellent verbal and written communication skills, with the ability to explain technical details to both technical and non‑technical audiences.

Preferred Qualifications
- Experience in a managed security service provider (MSSP) environment.
 
- One or more relevant industry certifications such as GCIA, GCIH, CySA+, or OSCP.
 
- Level 2 Security Analyst experience.
 
- Knowledge of cloud security and the monitoring tools used to secure cloud environments.