Senior SOC Analyst L2 - Saudi National KSA Job Jeddah area,Saudi Arabia,IT/Tech

Position Overview

We are seeking a highly skilled Senior SOC Analyst – Layer 2 (L2) to join our Cybersecurity Operations Center (SOC) in Jeddah. The selected candidate will play a critical role in advanced threat detection, in‑depth incident investigation, containment, and response activities across enterprise environments. This position requires strong hands‑on operational experience in SOC environments, with proven capability in analyzing complex security events, leading incident response activities, tuning detection use cases, and mentoring junior analysts (L1).

Key Responsibilities

Advanced Threat Monitoring & Analysis

Perform in-depth analysis of security alerts escalated from L1 analysts.
Investigate complex incidents using SIEM, EDR, NDR, and other security tools.
Validate and classify security events to eliminate false positives.
Conduct log correlation and behavioral analysis across multiple data sources.
Identify Indicators of Compromise (IOCs) and map them to the MITRE ATT&CK framework.

Incident Response & Containment

Lead incident triage, containment, eradication, and recovery efforts.
Coordinate with IT, network, cloud, and system teams during active incidents.
Perform root cause analysis and recommend corrective security controls.
Develop and update Incident Response playbooks and runbooks.
Support digital evidence preservation and forensic readiness.

SIEM & Detection Engineering Support

Create and tune correlation rules and detection use cases in Splunk Enterprise Security, IBM QRadar, or equivalent SIEM platforms.
Enhance alert logic to reduce false positives and improve detection accuracy.
Develop advanced queries (e.g., SPL, AQL, KQL) for threat hunting.
Ensure log sources are properly normalized and mapped to data models.

Threat Hunting & Proactive Defense

Conduct proactive threat hunting using EDR, SIEM, and threat intelligence feeds.
Investigate suspicious anomalies and lateral movement indicators.
Integrate threat intelligence into detection logic.
Participate in purple team exercises and attack simulations.

Endpoint & Network Security Operations

Perform deep investigations using EDR solutions such as Microsoft Defender for Endpoint, Crowd Strike Falcon, or equivalent.
Analyze firewall, proxy, VPN, IDS/IPS logs (e.g., Palo Alto, Fortinet, Cisco).
Monitor and investigate suspicious email threats (phishing, malware, BEC).

Escalation & Reporting

Prepare detailed incident reports with technical findings and executive summaries.
Escalate high‑severity incidents to SOC Manager and CISO when required.
Provide weekly and monthly security incident metrics.
Support compliance and audit reporting requirements (SAMA CSF, NCA ECC, ISO 27001, PCI DSS).

On-Call Support

Participate in 24x7 on‑call rotation for critical incident handling.
Respond to high‑severity incidents outside business hours when required.

Experience & Qualifications

Minimum 5–7 years of experience in SOC operations.
At least 3 years in an L2 role or equivalent advanced SOC position.
Hands‑on experience with enterprise SIEM platforms (Splunk, QRadar, Arc Sight, Sentinel).
Advanced log analysis and event correlation.
Incident response lifecycle management.
EDR investigation and containment.
Malware analysis fundamentals (hash analysis, sandboxing, behavior analysis).
Network traffic analysis (PCAP, Net Flow, TCP/IP fundamentals).
Strong understanding of Windows/Linux security events.
Experience working in regulated environments (Banking, Government, Critical Infrastructure preferred).
Familiarity with cloud security monitoring (Azure/AWS logs preferred).

Preferred Technical Knowledge

MITRE ATT&CK framework mapping.

#J-18808-Ljbffr


Increase/decrease your Search Radius (miles)



Job Posting Language