Lead Cyber Security Analyst SOC Tier 2

The Lead Cyber Security Analyst is a Tier 2 specialist responsible for advanced incident investigation threat hunting and guiding SOC operations to protect enterprise systems and networks. This role involves acting as the escalation point for L1 analysts leading complex investigations and driving improvements in security detection response and prevention strategies. The Senior SOC Analyst also mentors junior staff and collaborates with cross-functional teams to strengthen the organizations security posture.

Responsibilities:

• Lead triage investigation and containment of complex security incidents escalated from L1.
• Lead Security Incidents and coordinate Incident Response
• Coordinate with stakeholders to contain eradicate and recover from security incidents.
• Conduct root cause analysis malware analysis and advanced forensics (network endpoint and cloud).
• Develop and refine incident response playbooks.
• Proactively hunt for threats using SIEM EDR and threat intelligence feeds.
• Support the creation and optimization of detection rules correlation logic and automation scripts.
• Perform gap analysis to improve detection capabilities.
• Monitor and analyze security alerts from SIEM IDS/IPS EDR DLP and other security platforms.
• Correlate events across multiple data sources for accurate threat assessment.
• Support audits compliance checks and risk assessments.
• Mentor and train SOC L1 analysts on investigation techniques and tools.

Qualifications :

Experience:

• 3 years in cybersecurity with at least 2 years in SOC/Incident Response.
• Advanced knowledge of SIEM EDR IDS/IPS DLP IAM and cloud security tools.
• Hands-on experience in malware analysis memory forensics and log analysis.
• Strong understanding of network protocols secure configurations and common attack techniques (MITRE ATT&CK).
• One or more of the following certifications: OSCP GCIA GCIH CEH CompTIA Security CompTIA Cysa CISSP Security Blue Team L1/L2
• Familiarity with cloud environments (AWS Azure GCP) and container security

Additional Skills:

• Strong problem-solving and analytical skills.
• Ability to remain calm and decisive during high-pressure incidents.
• Excellent communication skills both technical and non-technical.
• Continuous learning mindset and willingness to explore new tools and methods.

Additional Information :

Discover some of the global benefits that empower our people to become the best version of themselves:

• Finance: Competitive salary package share plan company performance bonuses value-based recognition awards referral bonus;   
• Career Development: Career coaching global career opportunities non-linear career paths internal development programmes for management and technical leadership;
• Learning Opportunities: Complex projects rotations internal tech communities training certifications coaching online learning platforms subscriptions pass-it-on sessions workshops conferences;
• Work-Life Balance: Hybrid work and flexible working hours employee assistance programme;
• Health: Global internal wellbeing programme access to wellbeing apps;
• Community: Global internal tech communities hobby clubs and interest groups inclusion and diversity programmes events and celebrations.

At Endava were committed to creating an open inclusive and respectful environment where everyone feels safe valued and empowered to be their best. We welcome applications from people of all backgrounds experiences and perspectivesbecause we know that inclusive teams help us deliver smarter more innovative solutions for our customers. Hiring decisions are based on merit skills qualifications and potential. If you need adjustments or support during the recruitment process please let us know.

Remote Work :

No

Employment Type :

Full-time