Security Analyst L2 (Tier 2 SOC Analyst)

Job Description

As a Security Analyst L2, you will serve as the escalation point for Tier 1 analysts, performing deep-dive investigations, threat hunting, and leading incident response activities across a portfolio of client environments in a fast-paced managed security operation.

• Location: Dubai, UAE (Candidates must be currently based in the UAE)
• Experience: 4–7 years in SOC, incident response, or cybersecurity operations
• Availability: Immediate joiners preferred
• Work Schedule: Rotating shifts with on-call responsibilities
• Education: Bachelor's degree in IT, Cybersecurity, Computer Science, or related field
• Compensation: Competitive market package

• Incident Investigation: Perform in-depth analysis of escalated alerts, determining scope, root cause, and business impact through multi-source log correlation and telemetry review
• Threat Hunting: Proactively search for indicators of compromise and hidden threats across client environments using behavioral analytics and threat intelligence
• Incident Response: Lead containment, eradication, and recovery activities for confirmed security incidents; coordinate actions across client and internal teams
• Malware Analysis: Conduct basic static and dynamic analysis of suspicious files and artifacts
• SIEM Health & Tuning: Support SIEM health monitoring, log source onboarding troubleshooting, and detection rule tuning to reduce false positives and improve signal quality
• Playbook Development: Author, maintain, and refine SOC runbooks, correlation rules, and response procedures based on emerging threats and lessons learned
• Client Reporting: Produce clear incident reports, post-incident summaries, and where required, executive-level dashboards for client stakeholders
• Mentoring: Guide and support L1 analysts on triage techniques, escalation decisions, and investigative methodology

• Advanced experience with SIEM platforms including log correlation, parser management, and detection rule tuning
• Strong knowledge of endpoint, network, email, and cloud security telemetry (Azure, Microsoft 365, Entra ID)
• Hands-on experience with EDR platforms, packet analysis (Wireshark), and forensic investigation tools
• Solid understanding of the full attack lifecycle, MITRE ATT&CK, and threat intelligence frameworks
• Experience with root cause analysis across multi-source telemetry in complex, multi-client environments
• Familiarity with scripting (Python, PowerShell) for alert automation, investigation support, and workflow improvement
• Experience with ticketing and case management platforms
• Relevant certifications preferred: CySA+, GCIH, GCFE, CEH, or equivalent
• Strong analytical mindset with the ability to lead investigations independently under pressure
• Hands-on experience with network security technologies including firewalls, IDS/IPS, VPNs, and network traffic analysis for threat detection and incident response