SOC Analyst L2 - Tietoevry Create (m/f/d)

Job Description

About the Role: We are seeking a highly motivated and experienced L2 SOC Analyst to join our Security Operations Center (SOC) team. The ideal candidate will play a critical role in detecting, analyzing, and responding to cybersecurity threats and incidents. This position requires strong analytical skills, in-depth knowledge of security operations, and hands-on expertise with Security Information and Event Management (SIEM) platforms, particularly IBM QRadar and/or Microsoft Sentinel.

Responsibilities:

• Incident Analysis:
  • Conduct in-depth investigations of escalated security incidents, performing root cause analysis to understand the full scope and impact.
  • Correlate data from multiple sources to identify suspicious activities, attack patterns, and potential threats.
  • Distinguish between false positives and true security incidents, prioritizing and escalating as necessary.
• Incident Response & Remediation:
  • Execute incident response procedures, including containment, eradication, and recovery steps.
  • Provide support during and lead security event investigations, collaborating with internal teams (IT, Network, Applications) and external stakeholders when required.
  • Document all activities during an incident, providing timely status updates and preparing comprehensive incident reports.
  • Recommend and assist in implementing corrective actions and security enhancements to prevent future occurrences.
  • Finetune existing usecases as part of remediation steps.
• Threat Hunting & Intelligence:
  • Proactively hunt for threats using threat intelligence feeds (IOCs, TTPs), SIEM data, and other security tools to uncover stealthy attacks.
  • Analyze emerging threats, vulnerabilities, and attack techniques, and provide actionable intelligence to the team.
• Documentation & Reporting:
  • Maintain accurate and up-to-date documentation of security incidents, investigations, procedures (SOPs), and playbooks.
  • Generate regular security reports and metrics for management, highlighting key trends and security posture.
• Mentoring & Collaboration:
  • Mentor and guide junior SOC analysts (L1) in their daily tasks, incident triage, and investigation techniques.
  • Collaborate effectively with other cybersecurity teams (e.g., L3 Analysts, GRC, Red Team) and IT operations.
  • Participate in security awareness initiatives and knowledge sharing sessions.

Required Skills & Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 4-6 years of hands-on experience in a Security Operations Center (SOC) environment.
• Strong, demonstrable experience with SIEM platforms, specifically IBM QRadar and/or Microsoft Sentinel, including:
  • Understand the logs.
  • Alert triage, investigation, and incident response.
  • Rule creation, tuning, and optimization.
  • Dashboard and report generation.
• In-depth understanding of cybersecurity concepts, including:
  • Networking and Network security (TCP/IP, firewalls, IDS/IPS, VPNs, proxies).
  • Endpoint security.
  • Cloud security principles (AWS, Azure, GCP).
  • Common attack vectors, threat actor TTPs, and the MITRE ATT&CK framework.
• Proficiency in analyzing various log types (Windows event logs, Linux logs, network device logs, application logs).
• Experience with other security tools such as EDR solutions (e.g., Microsoft Defender for Endpoint, CrowdStrike), vulnerability scanners, and threat intelligence platforms.
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis is a plus.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills to effectively articulate technical issues to both technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.

Preferred Certifications (one or more):

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• IBM Certified Deployment Professional - Security QRadar SIEM

Additional Information

At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity.

Diversity, equity and inclusion (tietoevry.com)