
Security Analyst (L2) - Threat Lead (RARR Job 6258)
Job Description
We are seeking a skilled Security Analyst (L2) to join our Security Operations Center (SOC). The ideal candidate will be responsible for monitoring, investigating, and responding to security alerts and incidents across enterprise environments. The role requires hands-on experience in threat analysis, incident investigation, log analysis, threat hunting, and security monitoring using SIEM and related security technologies.
Key Responsibilities
• Monitor, analyze, and investigate security alerts generated from SIEM, UEBA, NDR, EDR, and other security monitoring platforms.
• Perform detailed analysis of security events and incidents to determine scope, impact, root cause, and remediation requirements.
• Validate and triage alerts escalated from L1 analysts, distinguishing false positives from genuine security threats.
• Conduct threat hunting activities using indicators of compromise (IOCs), threat intelligence feeds, behavioral analytics, and anomaly detection techniques.
• Investigate suspicious activities across network, endpoint, cloud, and user environments using security logs and telemetry data.
• Analyze Windows, Linux, Active Directory, firewall, proxy, DNS, email, endpoint, and cloud security logs to identify malicious activity.
• Use the MITRE ATT&CK framework and threat intelligence sources to map adversary behaviors to techniques and improve detection coverage.
• Document investigation findings, incident timelines, root cause analysis, and remediation recommendations.
• Support incident response activities by collecting evidence, performing preliminary forensic analysis, and coordinating with L3 analysts and incident response teams.
• Assist in developing and tuning SIEM correlation rules, use cases, detection content, and monitoring dashboards to improve threat detection effectiveness.
• Participate in security monitoring reviews, threat-hunting exercises, and continuous improvement initiatives within the SOC.
Required Qualifications
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum 4 years of experience in Security Operations Center (SOC), Security Monitoring, Threat Detection, or Incident Analysis roles.
• Hands-on experience with enterprise SIEM platforms such as Splunk, IBM QRadar, Microsoft Sentinel, ArcSight, or LogRhythm.
• Strong understanding of security monitoring, incident investigation, threat analysis, and log correlation techniques.
• Knowledge of network protocols, TCP/IP, DNS, HTTP/S, firewalls, VPNs, and endpoint security technologies.
• Experience analyzing Windows, Linux, Active Directory, cloud, and network security logs.
• Familiarity with the MITRE ATT&CK framework, threat intelligence concepts, and common attack methodologies.
• Basic understanding of digital forensics, malware analysis, and incident response processes.
Mandatory Certifications (any one of the following)
• CompTIA CySA+
• CEH (Certified Ethical Hacker)
• GCIH
• GCIA
• Blue Team Level 1 (BTL1)
• Security+
Preferred Skills
• SIEM Monitoring & Analysis
• Threat Hunting
• Incident Investigation
• Log Analysis
• Threat Intelligence
• MITRE ATT&CK Framework
• Windows & Linux Security
• Network Security Monitoring
• EDR / XDR Platforms
• Security Operations