SOC Analyst Tier 2- 234954

Job Description:

The role involves in-depth investigation of complex security alerts, cyber incident response, writing advanced monitoring and detection rules, and close collaboration with infrastructure and development teams to reduce the organization’s attack surface.

Key Responsibilities:

• Investigate security incidents and provide escalation support for Tier 1
• Conduct comprehensive investigations of complex security alerts, breach incidents, and suspected malicious activity (Malware, Phishing, Unauthorized Access)
• Perform proactive threat hunting across the organization, focusing on low-signature malicious activity and behavioral anomalies, using advanced statistical analysis, long-term event correlation, and MITRE ATT&CK–based detection techniques
• Conduct basic endpoint forensics and network traffic analysis to identify initial access vectors and assess impact scope
• Analyze and tune detection rules in SIEM/XDR systems to reduce false positives and improve overall effectiveness
• Identify gaps in SOC processes and initiate improvement projects
• Mentor and provide professional guidance to Tier 1 analysts

Mandatory Professional Requirements (Education & Experience):

• 2–3 years of experience as a SOC Analyst (preferably with prior Tier 1 or system/network role experience)
• Proven experience in investigating, analyzing, and responding to cybersecurity incidents
• Hands-on experience working and investigating in multi-cloud environments (AWS/Azure)
• Practical experience with security technologies such as Firewalls, IPS, WAF, XDR/EDR, and SIEM
• Strong understanding of network protocols (TCP/IP, DNS, HTTP/S) and network traffic analysis
• Ability to perform basic static and dynamic analysis of suspicious files
• Strong technical reporting skills (Hebrew and English)

Advantages:

• Scripting skills in Python or PowerShell for investigation and automation
• Experience with Sentinel, Splunk, or Palo Alto Cortex
• Ability to write complex queries in KQL and/or SPL