




**Job Summary**

The SOC L2 Analyst is responsible for **deeper analysis and incident response**. They investigate alerts escalated by L1 analysts, perform **root cause analysis**, and coordinate **containment and remediation** efforts. L2 Analysts act as **incident handlers** and guide L1s on analysis procedures.

**Key Responsibilities**

* Investigate and validate **escalated incidents** from SOC L1.
* Perform **detailed log analysis** across multiple systems (firewalls, endpoints, servers).
* Identify **attack patterns, indicators of compromise (IOCs)**, and determine the **scope and impact** of attacks.
* Coordinate with **IT and security teams** to contain and eradicate threats.
* Develop and maintain **incident response playbooks**.
* Perform **threat hunting** using EDR/XDR and SIEM tools.
* Conduct **malware analysis** and support forensics where needed.
* Mentor and train **SOC L1 Analysts** on triage and alert handling.
* Contribute to improving **detection rules and automation**.
* Document incidents thoroughly and prepare **post-incident reports**.

**Skills & Knowledge**

* Strong understanding of **network security, firewalls, intrusion detection systems**.
* Experience with **SIEM, EDR/XDR, and threat intelligence tools**.
* Knowledge of **incident response lifecycle** and **MITRE ATT&CK framework**.
* Ability to **analyze logs** from multiple sources and correlate events.
* Scripting or automation skills (Python, PowerShell) are an advantage.

**Education & Certifications**

* Bachelor’s in **Cybersecurity, Computer Science, or Information Security**.
* 3 to 5 years of SOC or cybersecurity experience.
* Preferred certifications:
  * **CompTIA CySA+**
  * **EC-Council Certified SOC Analyst (CSA)**
  * **Microsoft SC-200**
  * **GIAC Certified Incident Handler (GCIH)**
  * **Certified Ethical Hacker (CEH)**

Job Type: Full-time

Ability to commute/relocate:

* Muscat: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

* What is your monthly current salary?
* What is your monthly expected salary?
* What is your notice period?

Education:

* Bachelor's (Required)

Experience:

* Security Operation Centre L2: 5 years (Required)


