The primary function of an L2 Analyst is to ensure that the SOC team is performing its functions as required and to troubleshoot problematic incidents and events.

Responsibilities

- Track incident detection and closure
- Execute risk hunting activities
- Undertake forensic investigations
- Act as subject matter expert and expert witness where required
- Generate intelligence advisories and delegate intelligence aggregation tasks to L1
- Generate new use cases for emerging threats
- Validation of security incidents
- Conduct audits of logging and correlation
- Conduct monthly security use case review and correlation audits
- Use of sandbox, honeypot, analytics tools and security testing
- Escalation management
- Ensure process compliance
- Ensure quality of investigations and notification and direct L1 accordingly
- Report deviations to SOC manager and L3
- Ensure SLA compliance for projects within remit
- Perform deep analysis of security incidents to identify the full kill chain
- Provide knowledge to L1 such as guides, cheat sheets etc.
- Follow up with the recommendations to the client to contain an incident or mitigate a threat
- Respond to incident escalations and provide solid recommendations
- Update aging incidents and requests
- Track SOC performance in terms of SLAs and incident quality
- Conduct threat hunting exercises on SIEM and EDR platforms
- Develop and improve processes for monitoring and incident qualification
- Perform quarterly evaluation for L1 analysts and report feedback to RM
- Perform threat intelligence analysis and investigations. Search on the dark web and use other platforms such as RF to identify intelligence indicators or threats for a specific client.

Essential Skills

- Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, administration of SIEM, system hardening, and vulnerability assessments
- Should have expertise in TCP/IP network traffic and event log analysis
- Knowledge and hands-on experience with QRadar (preferred), ArcSight, McAfee ePO, NetIQ Sentinel or any SIEM tool
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management
- Configuration and troubleshooting experience on Check Point, Cisco, FortiGate, Palo Alto and SonicWall firewalls would be an added advantage
- Knowledge and hands-on experience of implementation and management of IDS/IPS, firewall, VPN, and other security products

Education

- Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent university degree

Requirements & Experience

- Minimum of 4-6 years of experience in the IT security industry, preferably working in a SOC environment
- Certifications: GCIH, CCNA, CCSP, CEH

Additional Desired Skills

- Strong verbal and written English communication
- Strong interpersonal and presentation skills
- Ability to work with minimal levels of supervision
- Willingness to work in a job that involves 24/7 operations