Tier 2 SOC Analyst

Zagreb - Croatia

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Key Responsibilities:

Analyze and investigate security alerts escalated from Tier 1 analysts to determine root cause impact and scope.
Perform in-depth incident analysis using SIEM EDR network traffic analysis and log correlation.
Validate true positives and classify incidents according to severity risk and business impact.
Lead containment eradication and recovery actions in coordination with IT IR and other stakeholders.
Create and enrich incident timelines evidence and detailed documentation in incident tracking systems.
Develop update and improve SOC playbooks detection rules and escalation procedures.
Proactively hunt for threats using threat intelligence IOCs and behavioral indicators.
Tune SIEM and EDR alerts to reduce false positives and improve detection accuracy.
Mentor and provide guidance to Tier 1 analysts during investigations and shift operations.
Participate in incident response drills tabletop exercises and post-incident reviews.
Assist in creating reports metrics and dashboards for SOC leadership and stakeholders.
Stay current with emerging threats attack techniques and defensive strategies.
Support shift handovers and ensure continuity of investigations across teams.

Qualifications :

Strong understanding of networking concepts: TCP/IP DNS HTTP/S VPNs firewalls proxies.
Solid experience with Windows and Linux systems including log analysis and command-line tools.
Working knowledge of malware behavior phishing campaigns credential abuse and exploitation techniques.
Hands-on experience with SIEM platforms (Splunk QRadar Microsoft Sentinel etc.).
Experience using EDR/XDR tools (Defender CrowdStrike SentinelOne etc.).
Familiarity with packet capture and network analysis tools (Wireshark Zeek tcpdump).
Understanding of cybersecurity frameworks and methodologies (MITRE ATT&CK NIST kill chain).
Basic scripting or query skills (KQL SPL SQL Python PowerShell) preferred.

Soft Skills:

Strong analytical thinking and investigative mindset.
Ability to manage multiple incidents in a fast-paced SOC environment.
Clear and effective communication with technical and non-technical stakeholders.
Attention to detail and strong documentation habits.
Collaborative mindset with a willingness to mentor junior analysts.
Proactive attitude toward continuous improvement and learning.

Additional Information :

What we offer:

Growth in an open-minded culture with very little hierarchical macrostructure.
Opportunity to achieve your biggest potential and development in your area of responsibility.
Continuous development and advancement through industry-relevant certifications and internal/external training/workshops.
Challenging local and global projects involving current solutions.
Learning and sharing experiences with well-known and respected experts in the field of information/cybersecurity. Positive motivating international work environment.
Hybrid work office work possibility of working from home by agreement.
Flexible working hours.
Additional and supplementary health insurance packages.
Monthly fee for transportation.
Multisport membership.
Pet-friendly office.
Social events and team bonding gatherings.

Remote Work :

Employment Type :

Full-time

Key Responsibilities:Analyze and investigate security alerts escalated from Tier 1 analysts to determine root cause impact and scope.Perform in-depth incident analysis using SIEM EDR network traffic analysis and log correlation.Validate true positives and classify incidents according to severity ris...

Key Responsibilities:

Analyze and investigate security alerts escalated from Tier 1 analysts to determine root cause impact and scope.
Perform in-depth incident analysis using SIEM EDR network traffic analysis and log correlation.
Validate true positives and classify incidents according to severity risk and business impact.
Lead containment eradication and recovery actions in coordination with IT IR and other stakeholders.
Create and enrich incident timelines evidence and detailed documentation in incident tracking systems.
Develop update and improve SOC playbooks detection rules and escalation procedures.
Proactively hunt for threats using threat intelligence IOCs and behavioral indicators.
Tune SIEM and EDR alerts to reduce false positives and improve detection accuracy.
Mentor and provide guidance to Tier 1 analysts during investigations and shift operations.
Participate in incident response drills tabletop exercises and post-incident reviews.
Assist in creating reports metrics and dashboards for SOC leadership and stakeholders.
Stay current with emerging threats attack techniques and defensive strategies.
Support shift handovers and ensure continuity of investigations across teams.

Qualifications :

Strong understanding of networking concepts: TCP/IP DNS HTTP/S VPNs firewalls proxies.
Solid experience with Windows and Linux systems including log analysis and command-line tools.
Working knowledge of malware behavior phishing campaigns credential abuse and exploitation techniques.
Hands-on experience with SIEM platforms (Splunk QRadar Microsoft Sentinel etc.).
Experience using EDR/XDR tools (Defender CrowdStrike SentinelOne etc.).
Familiarity with packet capture and network analysis tools (Wireshark Zeek tcpdump).
Understanding of cybersecurity frameworks and methodologies (MITRE ATT&CK NIST kill chain).
Basic scripting or query skills (KQL SPL SQL Python PowerShell) preferred.

Soft Skills:

Strong analytical thinking and investigative mindset.
Ability to manage multiple incidents in a fast-paced SOC environment.
Clear and effective communication with technical and non-technical stakeholders.
Attention to detail and strong documentation habits.
Collaborative mindset with a willingness to mentor junior analysts.
Proactive attitude toward continuous improvement and learning.

Additional Information :

What we offer:

Growth in an open-minded culture with very little hierarchical macrostructure.
Opportunity to achieve your biggest potential and development in your area of responsibility.
Continuous development and advancement through industry-relevant certifications and internal/external training/workshops.
Challenging local and global projects involving current solutions.
Learning and sharing experiences with well-known and respected experts in the field of information/cybersecurity. Positive motivating international work environment.
Hybrid work office work possibility of working from home by agreement.
Flexible working hours.
Additional and supplementary health insurance packages.
Monthly fee for transportation.
Multisport membership.
Pet-friendly office.
Social events and team bonding gatherings.

Remote Work :

Employment Type :

Full-time

Key Skills

Apply Now

About Company

Diverto

Since its establishment in 2007, Diverto has been dedicated to its primary goal - to make the digital space as safe as possible for all its clients, itself and the wider community. Part of Marlink. Marlink is a global leader in ICT solutions for remote locations and critical infrastru ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click