
SOC L2 Lead

TechLab Security

Selangor

On-site

MYR 100,000 - 150,000

Full time

2 days ago
Be an early applicant


Job summary

A dynamic cybersecurity firm in Malaysia is seeking an experienced SOC Lead Analyst. You will oversee incident management, enhance detection capabilities, and support a high-performing team. The ideal candidate has at least 5 years in a SOC, with strong knowledge of SIEM tools and excellent analytical skills. Join a friendly work environment that fosters career growth and teamwork. The company offers various benefits, including a medical card and team-building activities.

Benefits

Medical Card
Birthday Leave
Team Building
Sport Activities

Qualifications

  • Minimum 5 years of experience in a SOC environment.
  • At least 1-2 years in a lead or senior analyst role.
  • Scripting or automation skills (Python, PowerShell, or similar) are a plus.

Responsibilities

  • Lead incident handling and escalation management.
  • Refine SIEM detection rules and collaborate with teams.
  • Support SOC Manager in monitoring operations.
  • Use tools like Sentinel and QRadar for threat hunting.
  • Prepare SOC performance reports and contribute to operational maturity.

Skills

SIEM knowledge
Analytical skills
Problem-solving
Communication
Leadership

Education

Bachelor's degree in Cybersecurity, Computer Science, or a related field

Tools

Microsoft Sentinel
QRadar
Splunk
CrowdStrike

Job description

Are you a motivated problem-solver who loves learning new skills? Join our friendly team and grow your career with real hands‑on experience.

Key Responsibilities:

Incident Handling & Escalation Management

  • Lead and perform triage, containment, and response for complex security incidents.

  • Review and validate escalated events from SOC Level 1 analysts.

  • Provide guidance and mentoring to L1/L2 team members during incident response.

  • Perform forensic analysis, log correlation, and root cause investigation.

Detection Engineering & Optimization

  • Refine and tune SIEM detection rules, use cases, and correlation logic.

  • Collaborate with Threat Intelligence and Vulnerability Management teams to enrich detection logic.

  • Work with security engineers to integrate new data sources into SIEM/XDR.

Team Leadership & Collaboration

  • Support the SOC Manager in monitoring day‑to‑day operations and shift performance.

  • Deliver knowledge transfer and continuous training for SOC analysts.

  • Maintain and improve SOC documentation, SOPs, and incident response playbooks.

Tools, Automation & Threat Hunting

  • Use and oversee tools such as Microsoft Sentinel, QRadar, Splunk, CrowdStrike, etc.

  • Lead proactive threat hunting exercises and coordinate post-incident reviews.

  • Identify and implement automation opportunities in triage and incident workflows.

Reporting & Continuous Improvement

  • Prepare regular SOC performance reports, incident metrics, and SLA compliance dashboards.

  • Contribute to the strategic growth of the SOC and its operational maturity.

Required Qualifications:

Education & Experience

  • Bachelor's degree in Cybersecurity, Computer Science, or a related field.

  • Minimum 5 years of experience in a SOC environment, with at least 1–2 years in a lead or senior analyst role.

Technical Skills

  • Strong knowledge of SIEMs (Sentinel, QRadar, etc.), EDR/XDR, SOAR platforms, and threat intel tools.

  • Familiarity with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.

  • Hands‑on experience with IDS/IPS, packet analysis, log aggregation, and malware triage.

  • Scripting or automation skills (Python, PowerShell, or similar) are a plus.

Soft Skills

  • Excellent analytical and problem‑solving skills.

  • Strong communication and leadership qualities.

  • Ability to operate effectively in a high‑pressure and 24x7 environment.

Certifications

  • Required: CompTIA CySA+, CEH, or equivalent

  • Preferred: Certifications in SIEM platforms or SOC operations (e.g., Microsoft Sentinel, QRadar, Google Chronicle SIEM)

Why join us:

Career growth opportunities

Friendly work environment

Benefits:

Medical Card, Birthday Leave, Team Building, Sport Activities and many more!

We’re a growing team that values teamwork, learning, and respect. If you’re eager to improve and try new things, we’d love to meet you!
