ARCHIVED
This job listing has been archived and is no longer accepting applications.
Senior SOC Analyst L2 - Saudi National - Jeddah, KSA

DeepSource Technologies

Jeddah, Makkah Province, Saudi Arabia permanent

Posted: March 8, 2026

Quick Summary

The Senior SOC Analyst – Layer 2 will conduct advanced threat detection, incident investigation, containment, and response activities across enterprise environments.

Job Description

Position Overview

We are seeking a highly skilled Senior SOC Analyst – Layer 2 (L2) to join our Cybersecurity Operations Center (SOC) in Jeddah. The selected candidate will play a critical role in advanced threat detection, in-depth incident investigation, containment, and response activities across enterprise environments.

This position requires strong hands-on operational experience in SOC environments, with proven capability in analyzing complex security events, leading incident response activities, tuning detection use cases, and mentoring junior analysts (L1).

________________________________________

Key Responsibilities

1. Advanced Threat Monitoring & Analysis

• Perform in-depth analysis of security alerts escalated from L1 analysts.

• Investigate complex incidents using SIEM, EDR, NDR, and other security tools.

• Validate and classify security events to eliminate false positives.

• Conduct log correlation and behavioral analysis across multiple data sources.

• Identify Indicators of Compromise (IOCs) and map them to the MITRE ATT&CK framework.

2. Incident Response & Containment

• Lead incident triage, containment, eradication, and recovery efforts.

• Coordinate with IT, network, cloud, and system teams during active incidents.

• Perform root cause analysis and recommend corrective security controls.

• Develop and update Incident Response playbooks and runbooks.

• Support digital evidence preservation and forensic readiness.

3. SIEM & Detection Engineering Support

• Create and tune correlation rules and detection use cases in Splunk Enterprise Security, IBM QRadar, or equivalent SIEM platforms.

• Enhance alert logic to reduce false positives and improve detection accuracy.

• Develop advanced queries (e.g., SPL, AQL, KQL) for threat hunting.

• Ensure log sources are properly normalized and mapped to data models.

4. Threat Hunting & Proactive Defense

• Conduct proactive threat hunting using EDR, SIEM, and threat intelligence feeds.

• Investigate suspicious anomalies and lateral movement indicators.

• Integrate threat intelligence into detection logic.

• Participate in purple team exercises and attack simulations.

5. Endpoint & Network Security Operations

• Perform deep investigations using EDR solutions such as Microsoft Defender for Endpoint, CrowdStrike Falcon, or equivalent.

• Analyze firewall, proxy, VPN, IDS/IPS logs (e.g., Palo Alto, Fortinet, Cisco).

• Monitor and investigate suspicious email threats (phishing, malware, BEC).

6. Escalation & Reporting

• Prepare detailed incident reports with technical findings and executive summaries.

• Escalate high-severity incidents to SOC Manager and CISO when required.

• Provide weekly and monthly security incident metrics.

• Support compliance and audit reporting requirements (SAMA CSF, NCA ECC, ISO 27001, PCI DSS).

On-Call Support

• Participate in 24x7 on-call rotation for critical incident handling.

• Respond to high-severity incidents outside business hours when required.


Requirements:
Candidates must demonstrate proven hands-on experience in:

• Minimum 5–7 years of experience in SOC operations.

• At least 3 years in an L2 role or equivalent advanced SOC position.

• Hands-on experience with enterprise SIEM platforms (Splunk, QRadar, ArcSight, Sentinel).

• Advanced log analysis and event correlation.

• Incident response lifecycle management.

• EDR investigation and containment.

• Malware analysis fundamentals (hash analysis, sandboxing, behavior analysis).

• Network traffic analysis (PCAP, NetFlow, TCP/IP fundamentals).

• Strong understanding of Windows/Linux security events.

• Experience working in regulated environments (Banking, Government, Critical Infrastructure preferred).

• Familiarity with cloud security monitoring (Azure/AWS logs preferred).

Preferred Technical Knowledge

• MITRE ATT&CK framework mapping.
