Description:
The Tier 2 SOC Security Analyst exists to strengthen Descartes’ ability to detect, investigate, and respond to sophisticated security threats across a complex enterprise environment. This role ensures that escalated alerts are deeply analyzed, detection capabilities continuously improve, and the organization becomes faster, smarter, and more resilient in defending against evolving cyber risks.
Outcomes: What Success Looks Like
- High-Fidelity Incident Response: Investigate and resolve escalated security events with clear determination of scope, root cause, and remediation actions, improving mean time to detect (MTTD) and respond (MTTR) by measurable targets.
- Improved Detection Quality: Reduce false positives and increase true positive detection rates through continuous tuning across Sentinel, CSE, and other SOC platforms.
- Operational Excellence in SOC: Maintain high-quality case management, queue hygiene, and reporting standards, contributing to consistent weekly SOC reporting and metrics accuracy.
- Automation Impact: Deliver automation solutions that reduce manual SOC workload and improve response speed (e.g., reporting, enrichment, workflow automation).
- Enhanced Visibility: Successfully onboard and normalize new log sources and detection use cases, improving coverage across cloud, identity, endpoint, and network domains.
- Proactive Threat Identification: Conduct regular threat hunting activities that uncover previously undetected risks and translate findings into actionable detection improvements.
- Stronger Security Posture: Collaborate cross-functionally to validate suspicious activity, improve controls, and support incident response readiness across the organization.
Skills & Competencies: How the Work Gets Done
Technical & Role-Specific
- Strong experience with SIEM and security platforms (e.g., Microsoft Sentinel, Sumo Logic / CSE, CrowdStrike, Defender, Zscaler, GuardDuty)
- Ability to perform deep technical investigations across cloud, endpoint, identity, email, and network domains
- Detection tuning, rule development, and alert optimization experience
- Scripting and automation skills (Python, PowerShell, or workflow automation tools)
- Understanding of log ingestion, parsing, normalization, and enrichment processes
- Familiarity with MITRE ATT&CK and threat hunting methodologies