Website TeamPlus
Role Objective
– Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, and NDR platforms
– Develop custom detection use cases
Experience Level
– 2–5 years of experience in SOC operations, incident response, threat hunting, and detection engineering
Certifications (Preferred)
– GCIH, GCIA, CEH, Microsoft SC-200, IBM QRadar Admin, Microsoft SC-100
– Hands-on exposure to Darktrace/LinkShadow deployments
SIEM Tool Proficiency
– Advanced query writing (KQL/AQL)
– Custom correlation rules
– Detection use case development
– Alert tuning and threat hunting in Sentinel/QRadar
EDR/XDR Experience
– Deep-dive investigation of Microsoft Defender alerts
– Analyze suspicious binaries/processes
– Lead endpoint containment via Defender or other EDR tools
NDR Tool Proficiency
– Triage and investigate alerts from NDR tools
– Behavioral analysis and traffic pattern baselining
– Develop custom detection logic in Darktrace/LinkShadow
Monitoring & Triage
– Identify lateral movement, command-and-control (C2) traffic, and data exfiltration
– Correlate across multiple sources
– Suppress false positives through advanced triage
Threat Hunting
– Perform proactive hunting using log, flow, and behavior-based analytics
– Apply MITRE ATT&CK techniques for hypothesis-driven hunting
SIEM Use Case Development
– Develop, test, and deploy detection rules in QRadar/Sentinel
– Maintain detection engineering backlog
– Align use cases with emerging threats and attack frameworks
Threat Intelligence Usage
– Integrate threat intel feeds
– IOC/TTP enrichment
– Use Threat Intelligence for contextual correlation and detection enhancement
Incident Response Support
– Lead investigation
– Suggest/coordinate containment
– Engage in RCA and reporting
Tool Familiarity
– All L1 (Tier 1 analyst) tools, plus:
– Defender for Identity / Defender for Cloud
– Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR)
– Network forensics tools such as Wireshark and Zeek
Cloud Security (Optional)
– Analyze cloud-native alerts (e.g., impossible travel, OAuth app consent abuse)
– Use Defender for Cloud, MCAS (now Microsoft Defender for Cloud Apps), and M365 Defender (now Microsoft Defender XDR)
Shift Readiness
– Yes: 24×7 rotation, including on-call availability for escalations and critical incident handling
Reporting Skills
– Draft technical investigation reports
– RCA documentation
– Executive-level summaries
Soft Skills
– Independent problem solver
– Critical thinker
– Strong documentation and communication skills