PitchMeAI
Quzara LLC

L2 SOC Analyst

Quzara LLC · United States

  • Hybrid
  • Full-time
  • $95,000 / year
  • United States

Job highlights

  • Monitor and analyze security events using advanced tools.
  • Investigate and respond to potential security threats.
  • Perform end-to-end incident response activities.
  • Utilize KQL and SPL for threat hunting and analysis.
  • Work in a 24/7 SOC environment with rotating shifts.

About the role

L2 SOC Analyst

Quzara, a leading Cyber Security Firm, is seeking a highly skilled and experienced L2 SOC Analyst to join our Security Operations Center (SOC). This fully remote role is critical to our mission of protecting our clients from cybersecurity threats. The L2 SOC Analyst will be responsible for monitoring and analyzing security events, identifying and investigating potential security threats, and responding to security incidents. The ideal candidate will have a deep understanding of cybersecurity technologies, threat intelligence, and incident response procedures, with a strong background in using Microsoft security technologies and tools.

Essential Functions Of The Job

  • Monitor and analyze security events utilizing advanced security technologies and tools such as Microsoft Sentinel, Defender technologies, and Log Analytics.
  • Apply deep threat intelligence to identify, investigate, and assess potential security threats.
  • Perform incident response activities end-to-end, including triage, containment, eradication, recovery, and documentation.
  • Use strong proficiency in both KQL (Kusto Query Language) and SPL (Search Processing Language) to conduct investigations, threat hunting, and security analytics.
  • Respond to security incidents in real time, escalating when necessary, based on severity and impact.
  • Collaborate with internal teams to resolve incidents and enhance overall security posture through lessons learned and process improvements.
  • Participate in forensic investigations, log analysis, packet analysis, and endpoint forensics following NIST Incident Response guidelines.
  • Conduct threat hunting leveraging frameworks such as MITRE ATT&CK.
  • Identify trends, anomalies, and recurring issues to continuously improve SOC operations.
  • Communicate incident findings, risk assessments, and recommendations to SOC leadership and relevant stakeholders.
  • Willingness and capability to work in a 24/7 SOC environment.
  • Experience working in government or highly regulated environments.
  • Proficient in implementing and utilizing Microsoft Sentinel for SIEM/SOAR operations, automation, and incident response.

Marginal Functions Of The Job

  • Other duties as assigned

Normal Work Schedule

While standard business hours are Monday to Friday, 8:30 AM to 5:30 PM, this full-time position is based in our 24/7 Security Operations Center. You will be assigned a shift, participate in an on-call rotation, and may work nights, weekends, holidays, and/or rotate as needed.

Education, Training, And Experience

  • Minimum of 5 years of experience as a SOC Analyst within a SOC/MXDR or MSSP environment, performing L2-level responsibilities.
  • Strong hands-on incident response experience.
  • Experience with Microsoft Sentinel, Microsoft Defender XDR, Splunk, and modern EDR technologies (such as CrowdStrike, SentinelOne, Carbon Black, etc.).
  • Strong understanding of networking technologies, security best practices, and IR procedures.
  • Experience with threat intelligence, threat hunting, and advanced detection techniques.
  • Advanced proficiency with KQL and SPL queries.
  • Strong analytical, investigative, and problem-solving skills.
  • Strong verbal and written communication abilities.
  • Experience working in government, DoD, or regulated environments preferred.
  • Familiarity with NIST Incident Response Framework and operational compliance requirements.
  • Experience in packet analysis, log analysis, and endpoint forensics.
  • Experience with scripting languages such as Python, PowerShell, or JavaScript.
  • Relevant cybersecurity certifications required or strongly preferred, such as: GCIA, GCED, GCIH, GCFA, GNFA, CEH, CySA+, PenTest+, AZ-500, SC-200, SC-300, Security+, CASP+ (or equivalent IR/SOC-focused certifications)

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Shift Options

  • Sunday–Wednesday: 7:00 PM – 5:00 AM EST
  • Wednesday–Sunday: 7:00 PM – 5:00 AM EST

Key skills/competency

  • L2 SOC Analyst
  • Security Operations Center (SOC)
  • Cybersecurity Threats
  • Incident Response
  • Microsoft Sentinel
  • Microsoft Defender XDR
  • KQL
  • SPL
  • Threat Hunting
  • NIST Incident Response

Skills & topics

  • SOC Analyst
  • Cybersecurity
  • Incident Response
  • Microsoft Sentinel
  • Microsoft Defender
  • KQL
  • SPL
  • Threat Hunting
  • SIEM
  • SOAR
  • Remote
  • NIST
  • EDR
  • Forensics
  • Python
  • PowerShell
  • US Citizen

How to get hired

  • Tailor your resume: Highlight your 5+ years of SOC/MXDR/MSSP experience, incident response, and Microsoft security tools.
  • Showcase technical skills: Emphasize proficiency in KQL, SPL, Microsoft Sentinel, Defender XDR, and EDR technologies.
  • Quantify achievements: Use metrics to demonstrate your impact in threat detection, incident response, and security posture improvement.
  • Prepare for technical interviews: Be ready to discuss real-world scenarios involving threat hunting, log analysis, and packet analysis.
  • Highlight relevant certifications: Mention any cybersecurity certifications you hold, especially those related to Microsoft security or incident response.

Technical preparation

  • Master KQL and SPL for advanced querying.
  • Gain hands-on experience with Microsoft Sentinel/Defender.
  • Practice incident response scenarios.
  • Familiarize yourself with the NIST IR framework.

Behavioral questions

  • Describe a complex security incident you handled.
  • How do you stay updated on cyber threats?
  • How do you prioritize during a high-pressure incident?
  • How do you collaborate with cross-functional teams?

Frequently asked questions

What are the specific shift options for the L2 SOC Analyst role at Quzara LLC?
Quzara LLC offers two shift options for the L2 SOC Analyst role: Sunday–Wednesday from 7:00 PM to 5:00 AM EST, or Wednesday–Sunday from 7:00 PM to 5:00 AM EST. This position is part of a 24/7 Security Operations Center, so flexibility and willingness to work nights, weekends, and holidays are essential.

What cybersecurity tools and languages are essential for the L2 SOC Analyst position at Quzara LLC?
Essential tools and languages for the L2 SOC Analyst role at Quzara LLC include Microsoft Sentinel, Microsoft Defender XDR, various EDR technologies, and strong proficiency in KQL and SPL for investigations and threat hunting. Familiarity with Splunk and scripting languages like Python or PowerShell is also highly valued.

Does Quzara LLC require specific cybersecurity certifications for the L2 SOC Analyst role?
While not strictly mandatory, Quzara LLC strongly prefers candidates for the L2 SOC Analyst role to have relevant cybersecurity certifications. Preferred certifications include those from GIAC (GCIA, GCIH, GCFA), CompTIA (CySA+, PenTest+, Security+, CASP+), and Microsoft Azure Security Engineer (AZ-500) or Security Operations Analyst (SC-200, SC-300).

What level of experience is required for the L2 SOC Analyst role at Quzara LLC?
Quzara LLC requires a minimum of 5 years of experience as a SOC Analyst within a SOC/MXDR or MSSP environment, specifically performing L2-level responsibilities. Strong hands-on incident response experience is also a key requirement.

Is this L2 SOC Analyst position at Quzara LLC eligible for remote work?
Yes, the L2 SOC Analyst position at Quzara LLC is a fully remote role. This means you can work from anywhere in the US, provided you meet the US citizenship requirement.

What does 'US Citizenship Required' mean for the L2 SOC Analyst role at Quzara LLC?
For the L2 SOC Analyst role at Quzara LLC, 'US Citizenship Required' means that only individuals who are U.S. citizens are eligible to apply for this position. This is common for roles involving sensitive data or government contracts.

What is the role of threat intelligence in the L2 SOC Analyst position?
Threat intelligence is crucial for the L2 SOC Analyst at Quzara LLC. You will apply deep threat intelligence to identify, investigate, and assess potential security threats, and use frameworks like MITRE ATT&CK for threat hunting.

What are the typical incident response activities for an L2 SOC Analyst at Quzara LLC?
The L2 SOC Analyst at Quzara LLC performs end-to-end incident response, which includes triage, containment, eradication, recovery, and thorough documentation. This also involves real-time response to security incidents and collaboration with internal teams for resolution and process improvement.