Security Operations (SOC) L2

Role Overview

This role supports Security Operations Centre (SOC)activities, including monitoring, investigation, threat hunting, and incident response. The resource operates as a second line of defense, translating alerts into actionable findings and improving detection capability.

Core Responsibilities

1. Perform L2 triage and investigation of security alerts across SIEM, EDR/XDR, email, identity, network, and cloud platforms

2. Correlate events to identify root cause, scope, and impact of security incidents

3. Investigate phishing, malware, account compromise, and unauthorised access cases

4. Conduct proactive threat hunting using threat intelligence and MITRE ATT&CK

5. Support containment, remediation, and recovery activities

6. Contributeto SOC improvements (playbooks, detection tuning, onboarding of new tools)

Core Requirements

1. Degree or Diploma in Cybersecurity, IT, or related field

2. At least 3 years of experience in SOC operations or incident response (L2 preferred)

3. Experience with SIEM, EDR/XDR, and cloud or identity security tools

4. Strong understanding of attack chains, MITRE ATT&CK, and threat analysis

5. Demonstrated hands-on experience in incident investigation or threat hunting

6. Ability to operate independently in a SOC environment