About the Role
As an L2 Cyber Defence Analyst, you will play a key role in incident investigation, threat detection, and escalation management. You will act as the primary escalation point for L1 analysts while also serving as a shift lead within a 24/7 SOC environment.
This role combines hands-on technical investigation with leadership, mentoring, and process improvement responsibilities.
Key Responsibilities
- Investigate security incidents and detect threats through log analysis
- Use SIEM, UEBA, and EDR tools for monitoring and investigation
- Act as primary escalation point for complex incidents from L1 analysts
- Perform root cause analysis and initiate containment actions
- Escalate high/critical incidents according to established processes
- Preserve the integrity of security data and evidence for forensic investigation
- Lead shift operations, manage workload, and prepare end-of-shift reports
- Conduct quality audits on L1 tickets
- Lead handover calls between shifts
- Recommend alert tuning to reduce false positives
- Contribute to SOC process maturity and documentation improvements
- Provide mentorship and in-shift guidance to L1 analysts and new joiners
Must-Have Qualifications
- 4-5 years of experience in a mature Cyber Defence Centre / SOC
- Hands-on experience with SIEM, UEBA, and EDR tools
- Experience leading investigations and collaborating with business stakeholders
- Ability to work in a 24/7 SOC environment (shift-based work)
- Strong troubleshooting and research capabilities
- Experience performing root cause analysis and incident containment
- Working knowledge of Linux, macOS, and Windows
- Ability to write structured investigation reports
- Ability to identify common attack techniques
Good-to-Have
- Security certifications (SC-200, SC-900, Security+, CySA+, CASP+, etc.)
- Network certifications (Network+, CCNA, etc.)
- Knowledge of WAF, databases, Active Directory, DLP, proxies, firewalls, and network security systems