L2 SOC Analyst

1 week ago

Malang, East Java, Indonesia Nawatech Full time 400,000 - 1,200,000 per year

What You Will Do

  • Monitor and analyze security events using SIEM platforms such as Microsoft Sentinel, Splunk, Wazuh, or Google SecOps.
  • Triage and investigate security alerts to determine their nature, severity, and impact.
  • Perform in-depth analysis of potential security incidents and escalate confirmed threats to appropriate teams.
  • Coordinate with Tier 1 analysts and incident response teams to ensure effective containment, eradication, and recovery.
  • Maintain detailed documentation of investigations, actions taken, and incident resolution timelines.
  • Refine and enhance SOC playbooks, response workflows, and detection rules.
  • Perform proactive threat hunting using IOCs and behavioral patterns from internal and external threat intelligence.
  • Provide insights and recommendations for system hardening, patching, and configuration improvements.
  • Mentor and support SOC L1 analysts through technical guidance and knowledge sharing.

What You Will Need

  • 1–3 years of experience in cybersecurity operations, threat detection, or IT security.
  • Hands-on experience with at least one SIEM solution (e.g., Sentinel, Splunk, Wazuh, Google SecOps).
  • Proficient in log analysis across diverse platforms (Windows, Linux, cloud services).
  • Knowledge of common attack vectors, tactics, and techniques (e.g., OWASP Top 10, MITRE ATT&CK).
  • Ability to respond calmly and effectively in high-pressure incident scenarios.

Nice to Have

  • Industry certifications: CompTIA Security+, SC-200, Google Security, or equivalent.
  • Basic scripting ability (Python, PowerShell, Bash) for automation and log parsing.
  • Exposure to cloud security monitoring (Azure Security Center, AWS GuardDuty, GCP SOC).
  • Familiarity with case management and SOAR platforms.

SOC Operational Focus

  • Detection & Analysis: Identify real threats from false positives using contextual analysis and security telemetry.
  • Incident Handling: Drive the incident lifecycle from identification through containment and recovery.
  • Threat Intelligence Integration: Enrich alerts with threat intel to improve detection fidelity.
  • Reporting & Metrics: Contribute to weekly threat trend reports, KPIs, and post-incident summaries.
  • Continuous Improvement: Participate in SOC tuning activities and detection use-case refinement.