Is this your next challenge as SOC Analyst (L2) / Assistant SOC Manager?
The SOC Analyst (L2) / Assistant SOC Manager is responsible for leading security monitoring, incident response, and continuous improvement of SOC capabilities.
This role goes beyond alert handling by owning incidents end-to-end, enhancing detection logic, driving automation initiatives, and supporting the SOC Manager in daily operations.
The position acts as a key operational lead within the SOC, ensuring effective threat detection, timely response, and measurable reduction of cybersecurity risk across the organization.
The challenge is to:
Technical Qualifications
Security Operations
- Strong hands-on experience with SIEM, EDR/XDR, SOAR and network security tools
- Ability to analyze alerts, logs, and suspicious activity across multiple platforms
Incident Response & Threat Handling
- Experience managing incidents from detection to closure
- Ability to perform root cause analysis and recommend remediation actions
- Strong understanding of common attack techniques and threat vectors
Threat Hunting & Detection
- Experience conducting threat hunting using logs, endpoints, and network data
- Ability to improve detection use cases and identify gaps
- Familiarity with MITRE ATT&CK
Automation & Scripting
- Experience with SOAR platforms and automation workflows
- Ability to automate repetitive SOC tasks
- Proficiency in Python, PowerShell, KQL, or similar
Technical Foundation
- Strong understanding of:
  - Networking (TCP/IP, DNS, HTTP/S, VPN)
  - Operating systems (Windows, Linux)
  - Cloud environments (basic security monitoring)
- Ability to correlate and analyze logs from multiple sources
Key Responsibilities
Incident Monitoring, Analysis & Response
- Lead the triage, investigation, and response of security alerts across SIEM, EDR, IDS/IPS, and cloud platforms
- Own incidents from detection through containment, eradication, and recovery
- Perform root cause analysis (RCA) and document incident timelines, impact, and lessons learned
- Escalate and coordinate complex incidents with Incident Response, infrastructure, and application teams
- Execute authorized containment actions such as account lockdown, endpoint isolation, and IP blocking
Detection Engineering & Threat Hunting
- Develop, tune, and optimize SIEM detection rules to improve coverage and reduce false positives
- Map detections to MITRE ATT&CK and identify detection gaps
- Conduct hypothesis-driven threat hunting across SIEM, EDR, network, and identity data sources
- Analyze and validate indicators of compromise (IOCs) and emerging threat patterns
Automation & SOAR Enablement
- Design, develop, and maintain SOAR playbooks to automate SOC workflows
- Automate alert triage, enrichment, phishing analysis, and response actions
- Continuously improve SOC efficiency by reducing manual effort and improving response time (MTTR)
- Work with Security Engineering to integrate automation across tools and platforms
SOC Operations & Performance
- Support the SOC Manager in daily SOC operations, shift oversight, and workload prioritization
- Review and validate escalations from L1 analysts to ensure accuracy and quality
- Track and improve SOC performance metrics (MTTD, MTTR, false positives, alert-to-incident ratio)
- Ensure incidents are properly tracked, resolved, and closed with appropriate documentation
Playbooks, Procedures & Compliance
- Develop, maintain, and enhance SOC playbooks, runbooks, and standard operating procedures
- Ensure SOC processes align with ISO/IEC 27001, NIST CSF, and internal standards
- Support audit activities by maintaining proper documentation and evidence of incident handling
- Ensure consistent classification, severity rating, and response practices
Collaboration & Stakeholder Engagement
- Act as the primary escalation point for SOC analysts during complex incidents
- Provide clear incident updates and summaries to management and stakeholders
- Work closely with infrastructure, network, and application teams to drive remediation
- Mentor and guide L1 analysts to improve investigation and response capabilities
AI-Driven SOC Enhancement
- Utilize AI capabilities to support alert triage, investigation, and incident summarization
- Contribute to SOC advisory functions for Level 1 automation and decision support
- Identify opportunities to integrate AI into detection, response, and threat intelligence workflows
Do you have experience in
- Minimum 3 years in SOC or Security Operations
- Preferred 4–6 years total cybersecurity experience
- Exposure to incident ownership and team guidance is expected
- Bachelor's degree in Computer Science; relevant hands-on experience may be considered in place of formal education
Certifications (Optional)
Certifications are not mandatory but considered an advantage:
- CompTIA Security+
- CompTIA CySA+
- EC-Council Certified SOC Analyst (CSA)
- GIAC Certified Incident Handler (GCIH)
- Additional certifications are a plus:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Ethical Hacker (CEH)
  - GIAC Certified Intrusion Analyst (GCIA)
If you have the right skills and experience, this is an opportunity to build your career with Asia's leading retailer.
DFI Retail Group is an equal opportunity employer and is responsible for ensuring that all personal information collected from each candidate presented to DFI Retail Group is used for recruitment purposes only and that the personal data is kept and handled confidentially. We will retain the applications of candidates not selected for a period of no more than 24 months. The data collection process is in accordance with all applicable laws and compliant with the Code of Practice on Human Resource Management.
To find out more about Our Businesses and Our People, please visit our website: https://www.DFIretailgroup.com