Companies CallTek SOC Analyst L2

About the role

CallTek · Remote

As a SOC Analyst L2, you will lead deeper investigations of escalated cases, confirm incidents, determine scope and impact, drive containment actions with internal teams, and produce high-quality technical communications and post-incident outputs. You will also contribute to detection improvement (tuning, new detections, playbook updates).

Responsibilities:

  • Take escalations from L1 and perform in-depth investigations: hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building.
  • Correlate telemetry across endpoint (EDR), Windows/Linux, AD, firewall/proxy/DNS/IDS, and (when applicable) cloud logs.
  • Recommend and/or coordinate containment actions (host isolation, credential resets, IOC blocks, temporary control changes) following change control and governance.
  • Determine severity and communicate clearly in English to technical stakeholders; provide concise executive-style updates when required.
  • Identify detection gaps and drive improvements: reduce false positives, close false negatives, propose new rules/use cases.
  • Ensure evidence integrity and proper documentation, coordinate handoffs with IR, IT Ops, Network, and Cloud teams.
  • Produce post-incident deliverables: probable root cause, lessons learned, and preventive actions.

Requirements

  • 2–5 years in SOC/IR/Blue Team (or equivalent demonstrated incident-handling experience). Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
  • EDR investigations (process trees, persistence, LOLBins behavior, containment workflows).
  • Windows/AD triage (authentication patterns, suspicious logon behavior, account activity) and Linux triage.
  • Network analysis and security controls (firewall/IDS/proxy/DNS), recognizing anomalous patterns.
  • Proven ability to produce defensible scoping and timelines based on evidence.
  • High documentation standards and the ability to perform under pressure.
  • Threat hunting experience and MITRE ATT&CK mapping.
  • Detection engineering exposure (Sigma/YARA at a basic/intermediate level), use-case design, and SIEM correlation strategy.
  • Basic forensics capabilities (acquisition concepts, triage artifacts, memory/disk fundamentals).
  • Certifications aligned to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).
  • Strong spoken and written English (B2-High/C1 preferred) — able to lead technical calls, write incident summaries, and investigation notes.
Ready to apply to CallTek?
Apply to CallTek

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get the worldwide-remote edge.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free