SOC Analyst-Tier 2 (R-00069)

Tier 2 SOC Analyst Responsibilities

• Perform in-depth analysis of security events and incidents escalated from Tier 1 SOC Analysts. 
• Conduct forensic analysis and detailed investigations of security incidents to determine the root cause and extent of compromise. 
• Develop and execute incident response plans to contain and remediate security incidents effectively. 
• Collaborate with cross-functional teams, including Tier 1 SOC Analysts, Incident Response teams, and SOC Lead/Program Manager to ensure timely incident response, resolution, and reporting.
• Continuously monitor and analyze network traffic, system logs, and security tools for indicators of compromise (IOCs) and emerging threats. 
• Provide guidance and support to Tier 1 SOC Analysts, including coaching and knowledge sharing to enhance their technical skills. 
• Develop and maintain comprehensive documentation related to incident response processes, procedures, and lessons learned. 
• Participate in vulnerability assessments and penetration testing activities to identify and address potential security weaknesses. 
• Stay up to date with the latest cybersecurity trends, threat intelligence, and attack techniques to enhance the effectiveness of the SOC operations. 
• Perform ticket review, cross training, support process refinement, and provide general mentoring for Tier 1 staff. 
•  Assist in the development and performance of quality control checks for SOC operations 
• The ability to perform triage and root cause analysis on security events
•  Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation 
•  Analyze raw data sources to extract, institutionalize, and document actionable events 
• Review existing security events and propose refinements as necessary 
•  Identify and report on metrics related to the operations of the team 
•  Tier 2 analyst support is required during core hours (7AM until 7PM – not including holidays and weekends)
•  Tier 2 analysts will be included on the on-call support list to support 24x7 security operations. 
•  Demonstrates deep technical level experience supporting security network defense and strategies. 
•  Ability to work in a high-pressure environment with changing priorities. 
• A technical, not academic, understanding of the current threats and tactics being used to attack systems. 

Tier 2 SOC Analyst Requirements

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience). 
• Proven experience (5+ years) in a SOC or security-related role, with a focus on incident response and analysis. 
• Ability to communicate effectively, both orally and in writing, with all members of the team; to include non-technical end users, regionally dispersed system administrators, and CyberSecurity leadership.
• Ability to obtain and maintain at minimum a SECRET clearance, TS/SCI is preferred. 
• U.S. Citizen 
• Required: Ability to pass a USCP background check. 
• Strong understanding of cybersecurity principles, best practices, and frameworks (e.g., NIST, ISO 27001, CIS Controls). 
• Familiarity with security technologies and tools such as SIEM, IDS/IPS, firewalls, antivirus, and endpoint protection systems. 
• Experience conducting forensic analysis and investigations of security incidents, including memory and disk analysis. 
• Knowledge of network protocols, packet capture analysis, and log analysis techniques. 
• Proficiency in security incident response methodologies and best practices. 
• Excellent analytical and problem-solving skills, with the ability to think critically and make sound decisions under pressure. 
• Strong communication and collaboration skills, with the ability to effectively interact with technical and non-technical stakeholders. 
• Security certifications such as GCIH, GCIA, or CISSP are highly desirable. 
• Experience with threat hunting and proactive detection techniques. 
• Knowledge of advanced malware analysis and reverse engineering. 
• Familiarity with scripting languages (Python, PowerShell, etc.) for automation and data analysis. 
• Understanding of cloud platforms and their impact on SOC operations (e.g., AWS, Azure, GCP). 
• Familiarity with endpoint detection and response (EDR) tools and technologies. 
• Ability to work effectively in a team environment and mentor junior analysts. 
• Strong attention to detail and the ability to prioritize and manage multiple tasks and incidents. 
• Continuous learning mindset and a passion for staying up to date with the latest cybersecurity trends and technologies.