Saviynt · 1 month ago
L2 SOC Analyst (Cloud Security Monitoring)
Security · SOC Analyst · Cybersecurity
Quick Summary
Overview
Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs.
Technical Tools: AWS, Azure, GCP, Kubernetes, Python, Splunk, mentoring
Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.
We are building a next-generation Security Operations Center (SOC) designed for the AI-first era. We are moving beyond traditional reactive methods to build an intelligent, automated SOC that leverages deep cloud security expertise to stop advanced threats.
We are seeking a motivated and detail-oriented L2 SOC Analyst to be a core member of our 24/7 operations team. This role is for a hands-on analyst who excels at investigating complex alerts, using automation to accelerate response, and is passionate about cloud security. You will be the primary line of in-depth analysis, working to validate, investigate, and contain threats as they are escalated from L1.
Please note: This is a 24/7 operational role. The SOC team works in three rotating shifts (morning, afternoon, and night) to ensure continuous monitoring and response.
Incident Triage & Investigation
● Serve as the primary escalation point for alerts triaged by L1 analysts.
● Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, Cloud-native tools) to validate threats and determine their scope.
● Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity.
● Perform deep-dive analysis of logs, Kubernetes containers, and endpoint data to identify indicators of compromise (IOCs).
Incident Response & Automation
● Execute and tune automated response playbooks using our SOAR platform for common security incidents.
● Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
● Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment.
● Document all investigation steps, findings, and containment actions in our incident management system.
Threat Hunting & Cloud Monitoring
● Participate in threat hunting campaigns driven by new threat intelligence or by hypotheses developed by senior analysts.
● Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail, Cloudflare, Azure, etc.) and Kubernetes containers.
● Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts.
Continuous Improvement & Collaboration
● Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
● Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
● Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.
● Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
● Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
● 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
● Cloud & Container Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP); fundamental knowledge of container security.
● Technical Expertise: Strong, hands-on experience with SIEM (e.g., CrowdStrike, Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
● AI/Automation Familiarity: Experience using a SOAR platform and familiarity with AI tools and their practical implementation.
● Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.
● Be at the forefront of a modern, cloud-focused Security Operations Center.
● Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies.
● A clear career path for growth into L3, threat hunting, or automation engineering roles.
● Collaborate with world-class security and engineering leaders in a high-impact, operational role.
If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business Continuity/Disaster Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Location & Eligibility
Where is the job
Bangalore, India
Hybrid — some on-site time required
Who can apply
IN
Listed under
Worldwide
Listing Details
- Posted: April 12, 2026
- First seen: April 13, 2026
- Last seen: May 21, 2026
Posting Health
- Days active: 38
- Repost count: 0
- Trust Level: 33%
- Scored at: May 21, 2026
Saviynt
Lever
Saviynt is a leading provider of cloud-native identity and governance platform solutions, empowering enterprises to secure their digital transformation, safeguard critical assets, and meet regulatory compliance.