Tier 2 SOC analysts remediate serious attacks escalated from Tier 1, assess the scope and nature of each attack, and investigate further.
- Reviews trouble tickets generated by Tier 1 Analyst(s).
- Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
- Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation.
- Creates and implements strategy for containment, remediation and recovery.
Skills & Qualifications
Similar to a Tier 1 analyst, but with more experience, including incident response. Advanced forensics, malware assessment and threat intelligence skills. White-hat hacker certification or training is a major advantage.