The SOC Sr Analyst L2 serves as the escalation point for complex security incidents detected within IBM QRadar. The L2 analyst conducts deep-dive investigations, performs threat hunting, tunes correlation rules, and coordinates incident response activities. This role requires strong analytical and technical expertise in QRadar SIEM operations, along with proactive detection and threat mitigation skills.
Key Responsibilities
• Analyze escalated incidents and offenses from L1 analysts for deeper investigation and containment.
• Perform in-depth log correlation and timeline reconstruction using IBM QRadar.
• Develop and fine-tune QRadar correlation rules, AQL searches, and custom use cases for improved detection.
• Perform proactive threat hunting across multiple data sources using QRadar and threat intelligence feeds.
• Coordinate response actions during security incidents, ensuring containment, eradication, and recovery.
• Lead the root cause analysis (RCA) and prepare incident summary reports with actionable recommendations.
• Integrate and validate external threat intelligence feeds (STIX/TAXII) within QRadar for advanced correlation.
• Collaborate with IT, network, and endpoint teams for incident validation and resolution.
• Support vulnerability management, patch validation, and policy enforcement activities.
• Provide mentorship and technical guidance to L1 analysts.
• Participate in continuous improvement initiatives for SOC processes and playbooks.
Required Technical Skills
• Advanced proficiency with IBM QRadar SIEM – rule creation, offense management, AQL queries, dashboards.
• Strong understanding of network and endpoint telemetry, including firewall, proxy, and EDR logs.
• Experience with malware analysis, phishing investigation, and digital forensics concepts.
• Knowledge of scripting languages (Python, PowerShell, or Bash) for automation of analysis tasks.
• Understanding of threat intelligence platforms and integration mechanisms (STIX/TAXII).
• Experience in incident response processes aligned with NIST or SANS frameworks.
• Ability to work independently and collaboratively in high-pressure security incidents.
• Excellent report writing, communication, and documentation skills.
Qualifications & Certifications
• Bachelor’s or master’s degree in computer science, Cybersecurity, or related discipline.
• 2–5 years of experience in SOC, Incident Response, or Threat Analysis roles.
• Preferred certifications: IBM Certified Analyst – QRadar SIEM, GCIH, GCIA, CEH, CySA+, or MITRE ATT&CK Defender (MAD).
