
Tier 2 SOC Analyst

Pro Q Consultancy

Gauteng

On-site

ZAR 300 000 - 400 000

Full time

2 days ago

Job summary

A leading security consultancy in Sandton, South Africa seeks a skilled Level 2 SOC Analyst. The role focuses on defending against cyber threats through monitoring, analysis, and incident response. Candidates should possess a bachelor's degree in Information Security or related fields, with at least 2-3 years of relevant experience. Strong knowledge of cybersecurity tools and practices is essential. This is an on-site position with a market-related salary and requires excellent problem-solving and communication skills.

Qualifications

  • 2-3 years of experience in a SOC or cybersecurity role focusing on monitoring, analysis, and incident response.
  • Hands-on experience with security tools such as SIEM, EDR, IDS/IPS.
  • Relevant certifications strongly preferred.

Responsibilities

  • Monitor and respond to escalated alerts and incidents.
  • Perform in-depth analysis of security events using various tools.
  • Lead incident investigations and document findings.

Skills

Threat Monitoring
Incident Response
Threat Analysis
Cybersecurity Best Practices
Communication Skills
Problem Solving

Education

Bachelor's degree in Information Security, Cybersecurity or related field

Tools

SIEM
IDS / IPS
Firewalls
Endpoint Protection
AWS
Azure
Python
Job description

Contract / Shift-based (24/7 SOC Operations)

Job Summary

We are looking for a skilled and detail-oriented Level 2 SOC Analyst to join our Security Operations Center (SOC) team.

This role is critical in defending against cyber threats by actively monitoring, analyzing, and responding to security incidents.

The Level 2 SOC Analyst will manage escalated alerts from Level 1, conduct in-depth threat analysis, and provide expert incident response to ensure the highest level of security for our clients' digital assets.

This position requires solid knowledge of cybersecurity best practices, incident response methodologies, and a thorough understanding of security technologies.

Key Responsibilities

Threat Monitoring & Analysis

  • Monitor and respond to escalated alerts and incidents identified by Level 1 SOC Analysts.
  • Perform in-depth analysis of security events using various security tools, such as SIEM, IDS / IPS, firewalls, and endpoint protection platforms.
  • Correlate security events across multiple sources to assess potential impact and identify indicators of compromise (IOCs).
  • Lead incident investigations, including containment, eradication, and recovery processes, following documented incident response procedures.
  • Escalate incidents to Level 3 or SOC Manager if necessary, providing detailed analysis and recommendations.
  • Document incidents, findings, and remediation actions thoroughly to support forensics, audit, and post-incident analysis.

Threat Hunting & Vulnerability Management

  • Conduct proactive threat hunting activities to detect potential threats and vulnerabilities.
  • Analyze logs and network traffic to identify suspicious activity patterns.
  • Work with the Vulnerability Management team to assess and mitigate vulnerabilities, applying patches, and updating signatures as needed.
  • Collaborate with internal teams, including IT, infrastructure, and application security, to enhance security postures.
  • Develop and present incident reports and threat analysis findings to senior team members, stakeholders, and management.
  • Provide guidance and mentorship to Level 1 SOC Analysts, supporting their professional development.
  • Review and refine SOC processes, playbooks, and incident response procedures to optimize efficiency.
  • Stay current with emerging cybersecurity threats, trends, and technologies to improve SOC operations.
  • Assist in training and upskilling SOC team members in advanced security analysis techniques.

Technical Skills

  • Strong knowledge of network security principles, threat intelligence, and incident response processes.
  • Proficiency in scripting (e.g., Python, PowerShell) and the ability to automate routine tasks.
  • Understanding of MITRE ATT&CK framework, NIST Cybersecurity Framework, and other security standards.

Soft Skills

  • Excellent problem-solving and analytical skills with keen attention to detail.
  • Strong verbal and written communication skills, with the ability to explain complex security concepts to non‑technical stakeholders.
  • Ability to work well under pressure, adapt quickly to changing priorities, and manage multiple incidents effectively.

Preferred Qualifications

  • Experience working with cloud security tools and platforms (AWS, Azure, GCP).
  • Knowledge of regulatory requirements and standards, such as GDPR, HIPAA, and ISO.
  • Familiarity with threat intelligence platforms and the ability to correlate threat intelligence with SOC activities.

Qualifications

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or related field.
  • Relevant certifications (CompTIA CySA+, GIAC Certified Incident Handler, EC-Council Certified SOC Analyst, or similar) strongly preferred.
  • Minimum of 2-3 years of experience in a SOC or cybersecurity role, with a focus on monitoring, analysis, and incident response.
  • Hands‑on experience with security tools such as SIEM, EDR, IDS / IPS, firewalls, and vulnerability management solutions.
  • Experience analyzing and responding to cybersecurity incidents, including malware analysis, threat hunting, and threat intelligence.

Location

Sandton, South Africa – on-site role.

Salary

Market Related.
