L2 Security Operations Center Analyst (1-5 yrs)

Level 2 SOC Analyst

We are seeking a skilled and detail-oriented Level 2 SOC Analyst to join our SOC team within the retail sector. You will be responsible for the advanced monitoring and analysis of security alerts and incidents that may impact retail operations, including point-of-sale (POS) systems, e-commerce platforms, and customer data environments. As a second line of defense, you will support incident response efforts, conduct threat analysis, and help secure critical retail infrastructure from cyber threats.

Key Responsibilities:

- Investigate and triage escalated security alerts from L1 analysts to determine severity and impact.

- Monitor and analyze logs and alerts from a wide variety of sources including firewalls, IDS/IPS, POS systems, e-commerce platforms, and cloud infrastructure.

- Identify and respond to potential threats related to payment systems, customer PII, loyalty programs, and inventory management platforms.

- Conduct root cause analysis and contribute to incident remediation and threat eradication.

- Collaborate with IT, DevOps, and teams to resolve incidents and close security gaps.

- Tune and create detection rules within SIEM tools for retail-specific attack vectors (e.g., credential stuffing, carding attacks).

- Provide input into the development and refinement of the incident response plan (IRP).

- Maintain accurate and thorough documentation for incidents, playbooks, and security procedures.

- Mentor and provide guidance to Level 1 analysts.

- Stay updated on industry-specific threats including gift card fraud, and retail-focused malware.

Required Qualifications:

Bachelors degree in Cybersecurity, Information Technology, or related field (or equivalent experience).

- Proficiency with SIEM platforms (e.g.Elastic, Splunk, QRadar, Sentinel) and EDR tools.

- Strong understanding of retail systems including POS environments, e-commerce platforms, and customer data flows.

- Knowledge of security frameworks and standards (e.g., PCI-DSS, NIST, MITRE ATT&CK).

- Experience handling real-world incidents such as phishing, ransomware, or card skimming attacks.

- Relevant certifications such as CompTIA CySA+, CEH, GCIH, or GCIA are a plus.