L2 SOC Analyst

Tietoevry Create Ukraine (formerly Infopulse Ukraine)


Date: 2 hours ago
City: Kyiv
Employment type: Full-time

Tietoevry Create Ukraine is inviting a talented professional to join its Security Operations Center (SOC) team as an L2 SOC Analyst. The ideal candidate will have hands-on experience not only with Microsoft Sentinel but also with the broader Microsoft XDR stack, including Defender for Endpoint, Defender for Identity, Defender for Cloud, and Defender for Office 365.


Areas of Responsibility:

  • Incident Analysis:
    • Perform real-time monitoring and analysis of security events and alerts from various security tools, including SIEM (Sentinel), Microsoft Defender Suite, Firewalls, IDS/IPS, WAFs, and other security logs.
    • Analyze telemetry from Microsoft Defender products (Endpoint, Identity, Cloud, Office 365) within Microsoft Sentinel.
    • Utilize Microsoft 365 Defender’s unified incident queue to correlate alerts across Defender products.
    • Conduct in-depth investigations of escalated security incidents, performing root cause analysis to understand the full scope and impact.
    • Correlate data from multiple sources to identify suspicious activities, attack patterns, and potential threats.
    • Distinguish between false positives and true security incidents, prioritizing and escalating as necessary.
  • Incident Response & Remediation:
    • Execute incident response procedures, including containment, eradication, and recovery steps.
    • Leverage Microsoft Defender capabilities for containment and investigation.
    • Lead security event investigations, and provide support during investigations led by others, collaborating with internal teams (IT, Network, Applications) and other stakeholders when required.
    • Document all activities during an incident, providing timely status updates and preparing comprehensive incident reports.
    • Recommend and assist in implementing corrective actions and security enhancements to prevent future occurrences.
  • Documentation & Reporting:
    • Maintain accurate and up-to-date documentation of security incidents, investigations, procedures (SOPs), and playbooks.
    • Generate regular security reports and metrics for management, highlighting key trends and security posture.
  • Mentoring & Collaboration:
    • Mentor and guide junior SOC analysts (L1) in their daily tasks, incident triage, and investigation techniques.
    • Share best practices for Microsoft XDR integration and use cases with junior analysts.
    • Collaborate effectively with other cybersecurity teams (e.g., L3 Analysts) and IT operations.
    • Participate in security awareness initiatives and knowledge sharing sessions.
  • Shift Work:
    • Work in a 24x7 rotational shift environment, including night shifts and weekends.


Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 2-4 years of hands-on experience in a Security Operations Center (SOC) environment.
  • Strong, demonstrable experience with SIEM platforms, specifically Microsoft Sentinel and IBM QRadar, including:
    • Alert triage, investigation, and incident response.
    • Active incident response, including containment, eradication, and recovery steps.
    • Rule updates suggestion, creation, tuning, and optimization.
    • Reports generation.
  • In-depth understanding of cybersecurity concepts, including:
    • Network security (TCP/IP, firewalls, IDS/IPS, VPNs, proxies).
    • Endpoint security.
    • Cloud security principles (AWS, Azure, GCP).
    • Common attack vectors, threat actor TTPs, and the MITRE ATT&CK framework.
  • Proficiency in analyzing various log types (Windows event logs, Linux logs, network device logs, application logs).
  • Experience with other security tools such as EDR solutions (e.g., Microsoft Defender for Endpoint, CrowdStrike), vulnerability scanners, and threat intelligence platforms.
  • Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis is a plus.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong written and verbal communication skills to effectively articulate technical issues to both technical and non-technical audiences.
  • Intermediate English at minimum.
  • Ability to work independently and as part of a team in a fast-paced environment.


Would be an advantage:

  • Familiarity with the Microsoft 365 Defender portal and unified incident management.
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Certified: Microsoft Identity and Access Administrator Associate (SC-300)
  • GIAC Certified Detection Analyst (GCDA)
  • CompTIA Cybersecurity Analyst (CySA+)
  • IBM Certified Deployment Professional - Security QRadar SIEM
