Security Operations Center (SOC) Tier II Analyst

Northern Technologies Group, Inc.

Today
Top Secret
$55,000 - $70,000
Unspecified
IT - Security
Tampa, FL (On-Site/Office)

Description

Position Summary

The SOC Tier II Analyst serves as the technical lead within NTG's 24x7x365 Security Operations Center, providing advanced threat detection, incident response, and technical escalation support. This individual collaborates with Tier I analysts, engineers, and client stakeholders to ensure the continuous protection, monitoring, and improvement of enterprise environments. The Tier II Analyst functions as an experienced hands-on technical professional and mentor, responsible for guiding daily SOC operations, tuning security tools, and leading client-facing discussions on security posture and incident response.

Essential Duties and Responsibilities

Threat Detection, Analysis, and Response
  • Perform advanced threat analysis to identify, assess, and mitigate cybersecurity incidents, vulnerabilities, and insider threats.
  • Lead investigations using SIEM platforms (Splunk, Fortinet, and Microsoft Sentinel) to detect anomalous or malicious activity.
  • Execute comprehensive incident response processes, including triage, containment, eradication, and recovery actions.
  • Conduct forensic analysis and log correlation to determine root causes and attack vectors.

SOC Operations and Tool Optimization
  • Operate and optimize SOC tools, including SIEM (Splunk), IDS/IPS, EDR, and network security appliances.
  • Collaborate with the client Splunk Engineers to refine correlation searches, alerts, and dashboards for improved accuracy and signal-to-noise ratio.
  • Participate in regular "scan" meetings for change management and Splunk tuning review.
  • Develop and implement tuning recommendations, automation scripts, and detection improvements.

Leadership and Mentorship
  • Act as the technical lead in the room, providing escalation support and guidance to Tier I analysts.
  • Mentor and coach junior analysts on threat-hunting techniques, SOC procedures, and best practices.
  • Organize and follow up on assigned tasks, tickets, and ongoing investigations.
  • Lead and document after-action reviews (AARs) following major incidents.

Client and Stakeholder Communication
  • Represent NTG during weekly client meetings and present technical updates in non-technical language.
  • Collaborate closely with the SOC Manager and customer counterparts to maintain situational awareness and ensure transparent communication.
  • Deliver concise, actionable reporting on ongoing incidents, emerging threats, and mitigation progress.

Process Improvement and Documentation
  • Assist in developing, maintaining, and improving SOC playbooks, runbooks, and SOPs.
  • Capture lessons learned and integrate them into process improvements.
  • Contribute to strategic detection engineering and threat-hunting initiatives.


Requirements

Minimum Qualifications (Knowledge, Skills, and Abilities)
  • Minimum of 4-5 years of experience in cybersecurity or SOC operations, including Tier I/II support.
  • Proficiency with Splunk (searches, dashboards, correlation rules, tuning, and administration).
  • Strong understanding of cybersecurity concepts, attack vectors, and the MITRE ATT&CK framework.
  • Hands-on experience with EDR, IDS/IPS, firewalls, and forensic tools.
  • Familiarity with NIST and ISO 27001 security frameworks.
  • Excellent written and verbal communication; able to convey complex security issues clearly to non-technical audiences.
  • Strong client-facing demeanor and composure under pressure.
  • Team-oriented with leadership qualities and a proactive, mentoring mindset.

Preferred Qualifications
  • Bachelor's degree in Cybersecurity, Computer Science, or related discipline.
  • Basic scripting or automation skills (Python, PowerShell).
  • CISSP, CEH, or GIAC certifications such as GCIH, GCIA, or GCFA.
  • Splunk Certified Power User / Administrator strongly preferred.
  • Security+ CE (minimum baseline for DoD 8570/8140 compliance).

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

Northern Technologies Group is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law.

Travel

10%

Shift

On site Monday - Friday 8:00am to 5:30pm

Note

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

The salary range listed represents a good faith estimate and is provided in compliance with applicable pay transparency laws. The final compensation offered will be determined based on a variety of factors, including your skills, experience, qualifications, internal equity, and market conditions.

Salary Description

$55,000 to $70,000
About Us
NTG is where excellence meets innovation. As an SBA 8(a) and EDWOSB-certified leader in cybersecurity, IT consulting, and engineering, we leverage over 20 years of expertise to enhance the operations of our federal and commercial clients. Our ISO 9001:2015 certification reinforces our commitment to the highest standards of quality and excellence.

Job Category
IT - Security
Clearance Level
Top Secret