L2 SOC Analyst / Security Delivery Consultant

About the role

This role is part of the Cyber Fusion Center’s SOC team, responsible for advanced monitoring, investigation, and response to security incidents across client environments. Acting as the escalation point for L1 analysts, the role plays acritical part in enhancing detection capabilities and strengthening incident response processes.

In addition, the position ensures the successful delivery and continuous optimization of managed security services. It combines deep technical expertise with client-facing responsibilities, ensuring alignment with service-level agreements (SLAs), improving clients’ security posture, and driving ongoing service enhancements.

Key Responsibilities:

Security Monitoring \& Incident Response

• Perform advanced analysis and investigation of security alerts from SIEM platforms(e.g. Google SecOps).
• Act as escalation point for L1 analysts for complex incidents.
• Lead incident response activities including triage, containment, eradication, and recovery.
• Conduct threat hunting and proactive detection using threat intelligence and behavioral analytics.

Detection Engineering \&Continuous Improvement

• Tune and enhance SIEM rules, use cases, and detection logic.
• Support onboarding and validation of log sources and assets.
• Develop and maintain SOC playbooks and response procedures.
• Continuously improve detection coverage aligned with frameworks (e.g., MITRE ATT\&CK).

Service Delivery \& Client Engagement

• Serve as a key point of contact for client security operations matters.
• Ensure SOC services are delivered in accordance with SLAs and KPIs.
• Conduct regular reporting and service review sessions with clients.
• Provide actionable security recommendations based on findings and threat landscape.
• Validate onboarding of client infrastructure (log sources, assets, integrations).
• Ensure visibility across tools (SIEM, SOAR, EDR, Threat Intel).

Reporting \& Governance

• Produce detailed incident reports, executive summaries monthly reporting, and service metrics.
• Track SLA performance, incident trends, and operational KPIs.
• Support compliance, audit, and governance requirements

Candidate requirements:

• 3 – 6 years of experience in SOC operations, cybersecurity, or managed security services.
• Hands-on experience with SIEM (Google Chronicle/SecOps preferred).

• Strong knowledge of:

• Incident response and threat analysis

• Network, endpoint, and cloud security
• MITRE ATT\&CK framework
• Experience in client-facing or service delivery roles is highly preferred.
• Familiarity with tools such as EDR/XDR (e.g. Crowdstrike, MS defender), TI (e.g. Cyble, GTI), JumpCloud, and cloud platforms.

• Relevant certifications (preferred):

• CompTIA Security+, CySA+

• CEH, GCIA, GCIH
• CISSP or CISM