
SOC Analyst T2 - Incident Responder

Northern Technologies Group, Inc.

Posted today

Job Requirements

Tampa, FL
Top Secret Polygraph Unspecified
Career Level not specified
$80,000 - $90,000

Job Description

Description

Position Summary

The SOC Analyst T2 - Incident Responder is a critical technical leadership role within NTG's 24x7 Security Operations Center (SOC), responsible for advanced cyber threat analysis, incident response, and the operation and optimization of security tools such as SIEM platforms, including Splunk. This position requires a minimum of 5 years of experience in a SOC environment and a related degree in IT or Cybersecurity, or equivalent Cybersecurity Certifications. The SOC Analyst T2 - Incident Responder plays a pivotal role in detecting, analyzing, and mitigating cyber threats while supporting SOC processes and contributing to the continuous improvement of NTG's security posture, as well as the security posture of NTG's MSP customers. This position also requires leading the SOC team through mentoring other SOC members, as well as supporting the Service Delivery Manager and VP of Commercial Services in ensuring that NTG and our customers are supported and protected appropriately.

Key Attributes:
  • Analytical Rigor: Uses a proactive approach to threat detection and mitigation. Has the ability to reconstruct complex, multi-stage attacks and identify subtle indicators of compromise that bypass automated detections.
  • Cross-Platform Fluency: Seamless proficiency in navigating and managing Splunk, Microsoft Sentinel, Microsoft Defender, Wazuh, and Elastic.
  • Innovation and Adaptation: Ability to adapt to new technologies and evolving threat landscapes.
  • Technical Mentorship: A commitment to the professional growth of junior staff, demonstrating the investigative mindset and technical skills necessary for advancement.
  • Operational Decisiveness: A team player with a strong focus on collaboration and continuous improvement. The capability to make rapid, informed decisions during critical incidents, including the authorization of disruptive containment actions.

Essential duties and responsibilities:

The essential functions include, but are not limited to, the following:

Threat Analysis and Incident Response:
  • Perform advanced threat analysis to identify, assess, and mitigate cyber threats, vulnerabilities, and insider risks.
  • Conduct in-depth investigations using SIEM tools such as Splunk, Fortinet FortiSIEM, and Microsoft Sentinel.
  • Coordinate and execute comprehensive incident response plans during security breaches or cyberattacks.

SOC Operations Support:
  • Operate and optimize security tools, including SIEM platforms, IDS/IPS, EDR, and forensic tools.
  • Tune, customize, and enhance SIEM tools to improve detection and alerting capabilities.
  • Provide technical guidance and mentoring to junior analysts on threat detection and SOC processes.
  • Work with the SOC Team and Management to ensure thorough support of NTG and our MSP customers.
  • Own Tier 2 case triage and escalation by validating alerts, documenting rationale for decisions, and maintaining alignment between automated detections and analyst determinations.

Procedure and Playbook Development:
  • Assist in developing and refining SOC procedures, playbooks, and response strategies.
  • Document lessons learned from incident response activities and integrate them into playbooks.

Reporting and Trend Analysis:
  • Analyze and report on security trends, vulnerabilities, and incidents.
  • Provide actionable recommendations to enhance detection capabilities and mitigate security risks.

Collaboration and Coordination:
  • Work closely with other teams, such as IT, engineering, and compliance, to address and mitigate security risks.
  • Serve as a technical liaison between the SOC and leadership, providing updates on the security landscape.
  • Mentorship of the entire SOC Team integrated into the daily operational workflow.
  • Tier 2 knowledge transfer and mentorship activities:
  • Provide structured feedback from Tier 2 investigations to improve Tier 1 alert triage and refine SOC workflows.
  • Perform quality assurance reviews of Tier 1 cases and provide timely, actionable coaching to improve accuracy and consistency.
  • Lead case studies and after-action reviews to reconstruct the incident timeline, identify detection/response gaps, and implement improvements.
  • Help junior analysts align development goals to the SOC Skill Matrix by recommending targeted training and certifications to support progression.

Multi-Company MSP, Advanced & Corporate support:
  • Work not only in NTG's internal environment but also in the environments of NTG's MSP customers.
  • Obtain and maintain certifications relevant to this position's duties, as well as those supporting NTG's partnership requirements with specific vendors.
  • Work with and utilize AI platforms such as Copilot, Grok, Claude, Gemini, etc., to perform daily duties and automate tasks required for supporting our Intra-Company and MSP environments.


Minimum Qualifications (Knowledge, Skills, and Abilities)

Technical Expertise:
  • Multi-SIEM Proficiency: Expert-level knowledge of Microsoft Sentinel, Splunk Enterprise Security, and the ELK stack (Elasticsearch, Logstash, Kibana).
  • XDR/EDR Fluency: Hands-on experience with Microsoft Defender XDR, Wazuh, and other major EDR platforms (e.g., CrowdStrike, SentinelOne).
  • Query Language Mastery: Proficiency in KQL (Kusto), SPL (Splunk), and ES|QL/Lucene for Elastic.
  • System and Network Analysis: Strong understanding of Windows/Linux operating systems, network protocols (TCP/IP, DNS, HTTP), and the ability to interpret complex packet captures and security logs.
  • Threat Frameworks: Deep knowledge of the MITRE ATT&CK framework and its application to detection mapping and incident analysis.
  • Scripting and Automation: Proficiency in Python, PowerShell, or Bash for automating repetitive SOC tasks and developing custom detection tools.

Analytical, Problem-Solving, and Leadership Skills:
  • Advanced Troubleshooting: Demonstrated ability to perform root cause analysis and identify the "lateral movement" of an attacker within a network.
  • Technical Pedagogy: Ability to explain complex security concepts to junior staff and guide them through the investigative process.
  • Decision-Making Under Pressure: Proven ability to prioritize and make critical decisions during high-stakes security incidents.

Communication Skills:
  • Strong written and verbal communication skills for reporting and collaboration.
  • Experience presenting technical findings to non-technical stakeholders.

Certifications (Preferred):
  • Industry Standards: CISSP, GIAC GCIH (Certified Incident Handler), or GCIA (Certified Intrusion Analyst).
  • Technical Certifications: CompTIA CySA+, EC-Council CSA (Certified SOC Analyst), or Microsoft SC-200 (Security Operations Analyst Associate).
  • Platform Specific: Wazuh for Security Engineers, Splunk Power User/Admin, or Elastic Certified Analyst.

Education, Experience:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related discipline.
  • 5 or more years of documented experience in a Security Operations Center, Incident Response, or Threat Intelligence role.
  • MSSP Background: Experience working in a multi-tenant environment supporting multiple external clients is highly desirable.

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable adjustments can be provided so that people with disabilities are able to carry out these tasks.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

Travel

Up to 15%

Shift
  • This position is normally M-F 8 AM to 5 PM (Eastern)
  • The SOC is manned 24/7/365, so occasionally alternate shifts may be required to provide coverage.


Note

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

The company is an Equal Opportunity Employer, drug free workplace, and complies with ADA regulations as applicable.

About Us
NTG is where excellence meets innovation. As an SBA 8(a) and EDWOSB-certified leader in cybersecurity, IT consulting, and engineering, we leverage over 20 years of expertise to enhance the operations of our federal and commercial clients. Our ISO 9001:2015 certification reinforces our commitment to the highest standards of quality and excellence.
