SOC Analyst (L2) job at Equity Bank

Role Purpose

The SOC Analyst Level 2 is responsible for advanced monitoring, analysis, investigation, and coordination of information security incidents across Equity Group. The role builds Level 1 SOC capabilities and focuses on incident management, technical analysis, escalation, forensic investigation, and collaboration with internal and external stakeholders to protect the confidentiality, integrity, and availability of Group information assets.

Key Responsibilities

  • Lead and manage security incident activities from identification through containment, eradication, and recovery.
  • Assess incidents against predefined criteria and determine when escalation to a Declared Security Incident is required.
  • Coordinate incident response activities including escalations, notifications, stakeholder communications, and incident bridges.
  • Communicate the impact and nature of security incidents in business and operational continuity terms.
  • Conduct advanced technical assessments of security incidents including malware analysis, packet-level analysis, and system-level forensic investigations.
  • Perform network traffic analysis to extract content and context from packet captures.
  • Reconstruct sessions, retrieve files from network captures, and support forensic investigations.
  • Interpret vulnerability reports and determine effective detection and mitigation approaches.
  • Assess severity levels of security threats (incidents, vulnerabilities, malicious code) and ensure timely notification and escalation.
  • Monitor, manage, and correlate information from public and private threat intelligence sources.
  • Identify emerging threats and recommend preventive or detective control enhancements.
  • Demonstrate a strong understanding of Equity Group security controls, their configuration, and intended purpose.
  • Understand log correlation rules, thresholds, and workflows that drive SOC operations.
  • Recommend configuration changes to security controls and clearly articulate associated business risks and technical impacts.
  • Understand the architecture, data flows, and end-to-end incident management processes within Equity Group.
  • Demonstrate advanced knowledge of networking concepts, TCP/IP protocol internals (TTL, flags, fragmentation, RWIN), routing, and infrastructure protocols.
  • Interpret the impact of network access control lists (ACLs) on application protocols.
  • Understand modern distributed authentication systems (Kerberos, RADIUS, TACACS, X.509) and interpret authentication sessions.
  • Demonstrate working knowledge of Windows, Unix, and Linux operating systems.
  • Perform advanced packet capture and analysis using tools such as Wireshark, tcpdump, Snort, and Suricata.
  • Generate and interpret advanced port scans.
  • Maintain and secure server hosts and virtual machine images used for analysis and testing.
  • Locate and analyze system and application logs across major operating systems.
  • Demonstrate a strong understanding of computer security forensics and vulnerability analysis.
  • Explain the differences between risk, vulnerability, exploit, and exposure to technical and non-technical audiences.
  • Recognize modern exploit and payload delivery mechanisms including XSS, CSRF, and shellcode.
  • Demonstrate general scripting and data analysis skills.
  • Understand execution flow in modern programming and scripting languages.
  • Read and interpret scripts written by others.
  • Demonstrate understanding of advanced SQL queries.
  • Maintain and contribute to SOC technical documentation, procedures, and standards.
  • Produce situation analysis and post-incident reports to support continuous improvement.
  • Use Wiki platforms, HTML, diagrams, and flowcharts to clearly document processes and workflows.
  • Work closely with SOC Analysts (L1–L3), ICT teams, and other InfoSec sub-functions.
  • Participate actively in shift handovers, daily briefings, and incident reviews.
  • Contribute to inter-analyst training through documentation, knowledge sharing, and mentoring.
  • Maintain an Individual Development Plan (IDP) aligned to career progression within Equity Group.
  • Incident handling efficiency and quality, including resolution and escalation accuracy.
  • Adherence to SOC processes, SLAs, and escalation procedures.
  • Quality of analysis, documentation, and reporting.
  • Contribution to knowledge sharing, training, and continuous improvement.
  • Contribute meaningful shift handover notes with context and insights.
  • Participate in shift forums, team discussions, and SOC improvement initiatives.
  • Identify and report SIEM or tooling issues.

Qualifications

Key Technical Skills and Competencies

  • Proficient in SIEM, EDR, NDR, and SOAR platforms for alert triage and incident response.
  • Strong understanding of threat detection, log analysis, and MITRE ATT&CK techniques.
  • Experience with incident escalation, containment actions, and root-cause analysis.
  • Knowledge of security controls across network, endpoint, cloud, and identity environments.
  • Clear communication, effective handover, and collaboration within SOC and cross-functional teams.

Experience Requirements

  • Experience with SIEM, SOAR, EDR, and forensic investigation tools in a production environment.
  • Demonstrated experience in incident response coordination, escalation, and reporting.
  • Experience in financial services or other regulated environments is an added advantage.
  • Professional certifications such as GCIA, GCIH, CEH, Security+, or equivalent are highly desirable.
  • Exposure to threat intelligence analysis, vulnerability management, and security control tuning.
  • Experience in scripting, network packet analysis, and forensic investigation.
  • Proven ability to document technical procedures and contribute to knowledge management.

Academic Qualifications and Certifications

  • Bachelor’s degree in Information Security, Computer Science, IT, or a related discipline.
  • 3–5 years’ experience in a SOC, cyber defense, or security operations environment.

Vacancy title:
SOC Analyst (L2)

[Type: FULL_TIME, Industry: Banking, Category: Computer & IT, Protective Services]

Jobs at:
Equity Bank

Deadline of this Job:
Friday, February 13 2026

Duty Station:
Nairobi | Nairobi

Summary
Date Posted: Monday, February 2 2026, Base Salary: Not Disclosed

Work Hours: 8

Experience in Months: 12

Level of Education: bachelor degree

Job Info
Job Category: Computer/ IT jobs in Kenya
Job Type: Full-time
Deadline of this Job: Friday, February 13 2026
Duty Station: Nairobi | Nairobi
Posted: 02-02-2026
No of Jobs: 1