SOC Analyst L2

The SOC Analyst L2 role at Acuative Middle East involves investigating and responding to cybersecurity threats and incidents across enterprise environments to ensure timely remediation, maintain service-level compliance, and strengthen organizational cyber resilience.

Key Responsibilities:

• Triage and investigate escalated security alerts from Tier 1 analysts to ensure effective incident response.
• Monitor and analyze security events across multiple platforms to detect potential threats and implement mitigation steps.
• Execute incident response playbooks and remediate threats within SLA parameters to minimize security exposure.
• Escalate complex or high-impact incidents to the DFIR team for expert-level investigation.
• Conduct peer reviews of L1 incident triage activities, validating findings, and addressing false positives.
• Collaborate with cross-functional teams to remediate vulnerabilities and close gaps identified during investigations.
• Provide regular reports and incident metrics to support operational transparency and continuous improvement.
• Participate in the optimization of detection use cases in coordination with the C&P team.
• Identify opportunities for orchestration and automation within incident workflows.
• Review and validate shift handovers to ensure continuity in 24x7 SOC operations.

Qualifications and Education:

• Relevant industry certifications such as Security+, CySA+, eLearnSecurity eCIR or eCTHP.
• BSc/MSc in Cybersecurity, Information Security, or a related discipline.
• GIAC certifications (e.g., GCIA, GCIH) or equivalent considered an asset.

Experience:

• Minimum 4 years of experience in Security Monitoring or MSSP Operations.
• Minimum 1 year working in a SOC environment.
• Proven hands-on training in cybersecurity incident response and monitoring tools.

Specialized Knowledge and Skills:

• Strong understanding of cyber threat detection, network security, and endpoint defense.
• Proficient in reviewing logs, packet captures, and threat intelligence to identify and mitigate risks.
• Clear articulation of findings to both technical and non-technical stakeholders.
• Knowledge of scripting or automation tools (e.g., Python, PowerShell).
• Familiarity with the MITRE ATT&CK framework and threat hunting methodologies.

Language Requirements:

• Clear and concise communication in English (written and verbal).

Behavioral Competencies:

• Strong analytical and problem-solving skills.
• Ability to work under pressure in a fast-paced 24x7 environment.
• Team-oriented with a proactive and inquisitive mindset.

Technical Competencies:

• Proficiency in SIEM tools (e.g., Splunk, QRadar).
• Understanding of incident response frameworks and playbooks.
• Experience with EDR, firewall, and IDS/IPS tools.
• Capability in interpreting threat intelligence and integrating it into SOC operations.