The Security Operations Centre - L2 Analyst resource has the following key responsibilities:
- Monitoring: Monitoring all technologies, data asset dashboards, sensors and services, and escalating security events and incidents within the SOC.
- Detection: Using your expertise and knowledge in threat hunting, as well as the automated event detection from sensors and services, to identify any suspicious or malicious activity across the enterprise.
- Investigation: SOC L2 Analysts will be expected to investigate events and incidents to determine scope, risk and severity, and to establish what is happening or has happened. Investigation is also where root cause and remediation activities are determined.
- Remediation: Working with various departments in the organisation to remove suspicious and malicious activity and traffic, and where required restore services. Make appropriate changes to ensure that such security events and incidents do not recur.
- Review: As part of continuous improvement, review all incidents to improve response processes and actionable intelligence. Where possible, move manual processes over to automation and orchestration.