Senior SOC Analyst L2 - Saudi National - Jeddah, KSA
DeepSource
Jeddah, Saudi Arabia | AED 6,000-15,000/mo ≈ SAR 6.1K-15.3K/mo | Today
Saudi Arabia | IT & Technology | Full Time
Skills Required
AWS, Azure, Git, ERP
Job Description
Position Overview

We are seeking a highly skilled Senior SOC Analyst – Layer 2 (L2) to join our Cybersecurity Operations Center (SOC) in Jeddah. The selected candidate will play a critical role in advanced threat detection, in-depth incident investigation, containment, and response activities across enterprise environments.

This position requires strong hands‑on operational experience in SOC environments, with proven capability in analyzing complex security events, leading incident response activities, tuning detection use cases, and mentoring junior analysts (L1).

Key Responsibilities

1. Advanced Threat Monitoring & Analysis
- Perform in-depth analysis of security alerts escalated from L1 analysts.
- Investigate complex incidents using SIEM, EDR, NDR, and other security tools.
- Validate and classify security events to eliminate false positives.
- Conduct log correlation and behavioral analysis across multiple data sources.
- Identify Indicators of Compromise (IOCs) and map them to the MITRE ATT&CK framework.

2. Incident Response & Containment
- Lead incident triage, containment, eradication, and recovery efforts.
- Coordinate with IT, network, cloud, and system teams during active incidents.
- Perform root cause analysis and recommend corrective security controls.
- Develop and update Incident Response playbooks and runbooks.
- Support digital evidence preservation and forensic readiness.

3. SIEM & Detection Engineering Support
- Create and tune correlation rules and detection use cases in Splunk Enterprise Security, IBM QRadar, or equivalent SIEM platforms.
- Enhance alert logic to reduce false positives and improve detection accuracy.
- Develop advanced queries (e.g., SPL, AQL, KQL) for threat hunting.
- Ensure log sources are properly normalized and mapped to data models.

4. Threat Hunting & Proactive Defense
- Conduct proactive threat hunting using EDR, SIEM, and threat intelligence feeds.
- Investigate suspicious anomalies and lateral movement indicators.
- Integrate threat intelligence into detection logic.
- Participate in purple team exercises and attack simulations.

5. Endpoint & Network Security Operations
- Perform deep investigations using EDR solutions such as Microsoft Defender for Endpoint, CrowdStrike Falcon, or equivalent.
- Analyze firewall, proxy, VPN, IDS/IPS logs (e.g., Palo Alto, Fortinet, Cisco).
- Monitor and investigate suspicious email threats (phishing, malware, BEC).

6. Escalation & Reporting
- Prepare detailed incident reports with technical findings and executive summaries.
- Escalate high‑severity incidents to SOC Manager and CISO when required.
- Provide weekly and monthly security incident metrics.
- Support compliance and audit reporting requirements (SAMA CSF, NCA ECC, ISO 27001, PCI DSS).

On-Call Support
- Participate in 24x7 on‑call rotation for critical incident handling.
- Respond to high‑severity incidents outside business hours when required.

Candidates must demonstrate proven hands‑on experience in:
- Minimum 5–7 years of experience in SOC operations.
- At least 3 years in an L2 role or equivalent advanced SOC position.
- Hands‑on experience with enterprise SIEM platforms (Splunk, QRadar, ArcSight, Sentinel).
- Advanced log analysis and event correlation.
- Incident response lifecycle management.
- EDR investigation and containment.
- Malware analysis fundamentals (hash analysis, sandboxing, behavior analysis).
- Network traffic analysis (PCAP, NetFlow, TCP/IP fundamentals).
- Strong understanding of Windows/Linux security events.
- Experience working in regulated environments (Banking, Government, Critical Infrastructure preferred).
- Familiarity with cloud security monitoring (Azure/AWS logs preferred).

Preferred Technical Knowledge
- MITRE ATT&CK framework mapping.