L2 SOC Analyst

02-10-2024
Job Type
Permanent
Emp Type
Full Time
Industry
IT
Functional Expertise
Any
Salary Type
Annual
Salary
Negotiable

Job Description

Job Title: L2 SOC Analyst
Location: Hybrid Worker (3 days office based) - York
Focus Areas: Microsoft Sentinel, XDR, SIEM, SOAR, Vulnerability Management

Key Responsibilities:

  1. Security Monitoring and Incident Response:
    • Continuously monitor and investigate security events in Microsoft Sentinel and other SIEM/XDR platforms.
    • Triage, analyze, and respond to security incidents (L2 escalations) involving malware, phishing, unauthorized access, data exfiltration, etc.
    • Collaborate with L1 SOC Analysts to support escalations and provide guidance on more complex incidents.
    • Use SOAR (Security Orchestration, Automation, and Response) playbooks for automated response and containment.
  2. Threat Intelligence and Threat Hunting:
    • Conduct proactive threat hunting within customer environments using SIEM, XDR, and threat intelligence feeds.
    • Analyze advanced persistent threats (APTs), malicious campaigns, and other cyber threats using threat intelligence.
  3. Vulnerability Management:
    • Analyze vulnerability scans and assess the security posture of customer environments.
    • Collaborate with customers' IT teams to prioritize and remediate critical vulnerabilities.
    • Monitor and ensure patch management cycles are completed successfully.
  4. Security Orchestration (SOAR) and Automation:
    • Create and maintain SOAR workflows to automate incident response actions like blocking IPs, isolating systems, and notifying stakeholders.
    • Evaluate the effectiveness of SOAR playbooks and recommend improvements for better automation of routine tasks.
  5. Platform Administration and Optimization:
    • Manage and fine-tune Microsoft Sentinel, XDR, SIEM, and SOAR platforms to ensure optimal performance and log ingestion.
    • Maintain up-to-date security content such as detection rules, analytics queries, correlation rules, and response playbooks.
  6. Reporting and Compliance:
    • Generate security reports, including incident summaries, threat intelligence, and vulnerability reports, for internal and client-facing purposes.
    • Ensure compliance with security frameworks such as ISO 27001, NIST, GDPR, and industry-specific standards relevant to clients.

Required Skills and Qualifications:

  1. Technical Expertise:
    • Strong experience with Microsoft Sentinel and other SIEM platforms (Splunk, QRadar, etc.).
    • Familiarity with Extended Detection and Response (XDR) platforms (Defender, Trend Micro, etc.).
    • Strong knowledge of Vulnerability Management tools (Tenable, Qualys, etc.) and processes.
    • Proficiency with scripting languages (PowerShell, Python, KQL) for automation and threat hunting.
  2. Security Fundamentals:
    • Strong knowledge of network security, firewalls, IDS/IPS, endpoint protection, and DLP solutions.
    • Experience with incident response, malware analysis, forensics, and intrusion detection techniques.
    • Familiarity with MITRE ATT&CK framework and TTP (Tactics, Techniques, and Procedures) of threat actors.
  3. Problem Solving and Analytical Thinking:
    • Ability to analyze and interpret security events, logs, and incident data.
    • Proficiency in building detection rules, analytics queries (KQL, SQL), and customizing SIEM dashboards.
  4. Communication and Collaboration:
    • Strong communication skills for interfacing with clients, internal teams, and stakeholders.
    • Ability to provide detailed incident reports and make security recommendations to improve security posture.
  5. Certifications (Preferred but not mandatory):
    • Microsoft Certified: Security Operations Analyst Associate.
    • CompTIA Security+, Certified SOC Analyst (CSA), GIAC Certified Incident Handler (GCIH), or similar.
    • Familiarity with frameworks such as CIS, NIST CSF, ISO 27001, or SOC 2.

Experience:

  • 2-4 years of SOC experience, preferably in a Managed Security Services Provider (MSSP) or Managed Service Provider (MSP) environment.
  • Previous experience working with enterprise-level clients on security monitoring, incident response, and vulnerability management.

Soft Skills:

  • Strong teamwork and collaboration in fast-paced environments.
  • Ability to work under pressure and handle multiple incidents simultaneously.
  • Eagerness to learn and keep up with evolving security threats and technologies.

Consultant

Georgina Day