Security Operations Center (SOC) Analyst — Tier 2
Our Security Operations Center defends client environments around the clock. As a Tier 2 analyst you own the hard investigations — correlating signals across endpoint, identity, network, and cloud, running containment under agreed playbooks, and turning what you find into better detections. You'll work alongside our MDR, incident response, and SIEM teams as one program.
What you’ll do
- Investigate and triage escalated alerts across endpoint (EDR), identity, network, and cloud telemetry.
- Execute containment actions under client playbooks — host isolation, account lockout, indicator blocking.
- Run proactive, hypothesis-led threat hunts using current threat intelligence.
- Author and tune detections mapped to MITRE ATT&CK; reduce false positives.
- Write clear incident timelines and reports for clients, auditors, and insurers.
- Mentor Tier 1 analysts and contribute to runbooks and shift handoffs.
What we’re looking for
- 3+ years in a SOC, blue team, or hands-on detection & response role.
- Hands-on with a major EDR/XDR (Microsoft Defender, CrowdStrike, or SentinelOne).
- Working knowledge of a SIEM (Microsoft Sentinel, Elastic, or similar) and query languages.
- Scripting for automation and enrichment (Python or PowerShell).
- Solid grasp of MITRE ATT&CK, common attack paths, and Windows/identity internals.
- Clear written communication — you can explain an incident to a non-technical stakeholder.
Nice to have
- Certifications such as GCIA, GCIH, GCFA, BTL1, or Security+.
- Cloud security exposure across AWS, Azure, or GCP.
- DFIR or malware-analysis experience.

