SOC L2 Analyst

About the role

The Security Operations Center (SOC) Level 2 Analyst will lead advanced security monitoring, threat analysis, and incident investigation for CFI Financial Group's virtual asset trading platform. This position serves as the escalation point for Level 1 analysts and drives complex incident response activities to protect client assets and platform integrity.

Key responsibilities

• Lead investigations of escalated security incidents, perform root‑cause analysis and scope assessment.
• Coordinate response actions according to the company’s Incident Response Plan and produce detailed incident reports.
• Conduct forensic analysis across network, endpoint, and blockchain‑related systems.
• Monitor and analyze alerts from SIEM, EDR, IDS/IPS, and blockchain analytics tools; develop and tune detection rules.
• Perform threat hunting to identify APTs, insider threats, and malicious IOCs.
• Provide guidance and mentorship to SOC L1 analysts and validate escalated alerts.
• Participate in vulnerability management, support penetration testing, and verify remediation.
• Maintain dashboards, security‑operations metrics, and ensure compliance with regulatory reporting requirements.

Required profile

• Bachelor’s degree in Cybersecurity, IT, Computer Science or a related field.
• 4–5 years of experience in security operations or incident response.
• Strong understanding of network, endpoint, and cloud security principles.
• Hands‑on experience with SIEM platforms and EDR/XDR solutions.
• Knowledge of attack frameworks (MITRE ATT&CK) and threat‑intelligence methodologies.
• Excellent analytical and problem‑solving abilities.

Required skills

• SIEM platforms (e.g., Splunk, QRadar, Wazuh, Microsoft Sentinel)
• EDR/XDR solutions
• Forensic analysis tools
• IDS/IPS
• Blockchain analytics tools
• MITRE ATT&CK framework
• Threat‑intelligence feeds
• Vulnerability management processes
• Penetration testing support