L2 Security Operations Center Analyst
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Shieldworkz is looking for an L2 SOC Analyst to handle escalated alerts, conduct deep investigations, and drive incident response actions. The role requires 3-5 years of SOC experience with at least 1-2 years at L2, proficiency in SIEM platforms like Google Chronicle, and strong incident analysis skills.
Key Skills for This Role
Responsibilities
- Receive and investigate escalations from L1, performing in depth event correlation and contextual analysis within Google SecOps (Chronicle)
- Validate true positives and initiate incident response workflows per defined playbooks
- Lead false positive identification and submit tuning recommendations to detection engineering
- Conduct threat hunting activities using Chronicle’s YARA L rules and UDM search
- Perform root cause analysis for confirmed incidents and document findings
- Develop and execute remediation plans
- Coordinate with client stakeholders for containment and remediation guidance
- Review and provide feedback on L1 triage quality; support L1 analyst upskilling
- Contribute to SOP refinement based on operational experience
- Track and manage open incidents to closure within defined SLA thresholds
- Prepare shift summary reports and escalation to resolution case documentation
Requirements
- 3–5 years of SOC experience, with at least 1–2 years at L2 or equivalent
- Proficiency in one or more SIEM platforms: Google Chronicle/SecOps, Splunk, Microsoft Sentinel, IBM QRadar, ArcSight, or LogRhythm
- Hands on experience with SOAR platforms
- Strong incident analysis skills across network, endpoint, identity, and cloud telemetry
- Solid understanding of MITRE ATT&CK TTPs
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or related technical discipline
- Willingness to work in a 24x7 shift based environment
Full Job Posting
Role Overview
- The L2 SOC Analyst handles escalated alerts from L1, conducts deeper investigation and correlation, leads false positive validation and rule tuning inputs, and drives incident response actions.
- This role is the operational backbone of the SOC balancing analytical depth with turnaround speed.
Key Responsibilities
- Receive and investigate escalations from L1, performing in depth event correlation and contextual analysis within Google SecOps (Chronicle).
- Validate true positives and initiate incident response workflows per defined playbooks.
- Validate and, where necessary, reclassify incident priority (P1 P4) against the severity matrix defined in the SOP.
- Lead false positive identification and submit tuning recommendations to the detection engineering function.
- Conduct threat hunting activities on a scheduled or ad hoc basis using Chronicle’s YARA L rules and UDM search.
- Perform root cause analysis (RCA) for confirmed incidents and document findings.
- Develop and execute remediation plans containment actions, eradication steps, and recovery sequencing aligned to incident severity.
- Coordinate with client stakeholders for containment and remediation guidance where applicable.
- Review and provide feedback on L1 triage quality; support L1 analyst upskilling.
- Contribute to SOP refinement based on operational experience.
- Track and manage open incidents to closure within defined SLA thresholds.
- Prepare shift summary reports and escalation to resolution case documentation.
Required Skills & Experience
- 3–5 years of SOC experience, with at least 1–2 years at L2 or equivalent.
- Proficiency in one or more SIEM platforms: Google Chronicle/SecOps, Splunk, Microsoft Sentinel, IBM QRadar, ArcSight, or LogRhythm Chronicle experience preferred.
- Hands on experience with SOAR platforms: Palo Alto XSOAR, Splunk SOAR, IBM Resilient, or equivalent.
- Strong incident analysis skills across network, endpoint, identity, and cloud telemetry.
- Solid understanding of MITRE ATT&CK TTPs and their application in alert investigation.
- Strong understanding of attack surface analysis.
- Experience developing and executing remediation plans.
- Proven incident management capability end to end ownership from detection through closure.
- Experience with false positive management and detection tuning processes.
- Knowledge of common threat actor patterns, malware behaviours, and lateral movement indicators.
- Strong written communication incident reports, RCA documentation, and stakeholder updates.
Behavioural & Operational Requirements
- Willingness to work in a 24x7 shift based environment with rotational scheduling across day, evening, and night shifts.
- Flexible to adjust availability during major incidents, escalations, or critical operational periods.
- Strong team orientation actively supports L1 analysts, contributes to shift debriefs, and ensures seamless handovers.
- Collaborative approach when coordinating with client stakeholders, peer analysts, and detection engineering teams.
- Leads by example in shift discipline, documentation standards, and operational accountability.
Education
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical discipline.
- Master’s Degree in Cybersecurity or Computer Science is an added advantage.
Preferred Qualifications
- Core Certifications: CEH, ECSA, CompTIA Security+
- SIEM Tool Certifications: Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin, Microsoft Sentinel Skills Applied Learning Path, IBM QRadar SIEM Foundation
- SecOps Certifications: GCIH, GCIA, BTL1, SC 200
- Cloud Security Certifications: AWS Security Specialty, Microsoft AZ 500, Google Professional Cloud Security Engineer, CompTIA Cloud+
- Hands on experience or working knowledge of Agentic AI in SOC operations.
- Experience working in managed SOC or MSSP environments.
- Exposure to threat intelligence platforms and IOC enrichment workflows.
- Prior work in critical infrastructure, government, or regulated sector SOCs.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Shieldworkz
Security Operations Center Analyst
Abu Dhabi, UAE
Shieldworkz is hiring an L1 SOC Analyst for a Google SecOps-powered SOC in Abu Dhabi. The role involves real-time alert monitoring, initial triage, and escalation following SOPs and playbooks. Requires 1-3 years of SOC e
Business Development Specialist
Abu Dhabi, UAE
At Shieldworkz, we don’t just build cybersecurity products, we safeguard the lifelines of critical infrastructure. As a Business Development Specialist , you’ll be at the forefront of expanding our presence in OT/ICS cyb