Security Operations Center (SOC) Level 2 Analyst

On behalf of our client, a leading financial services company operating, we are seeking a talented and experienced Security Operations Center (SOC) Level 2 Analyst. The Security Operations Center (SOC) Level 2 Analyst is responsible for advanced security monitoring, incident investigation, and threat analysis for the Company’s virtual asset trading platform. This role serves as the escalation point for L1 analysts and leads complex incident response activities. The position ensures compliance with regulatory on cybersecurity and supports the Company’s commitment to protecting client assets and maintaining platform integrity.

Key Responsibilities:

Incident Response & Investigation

•⁠ ⁠Lead investigation of escalated security incidents, performing root cause analysis and determining scope of compromise

•⁠ ⁠Coordinate incident response activities in accordance with the Company’s Incident Response Plan

•⁠ ⁠Conduct forensic analysis of security events across network, endpoint, and blockchain-related systems

•⁠ ⁠Prepare detailed incident reports for management and the regulator’s requirements (24-hour reporting)

•⁠ ⁠Document and maintain incident response playbooks for common threat scenarios

Threat Detection & Analysis

•⁠ ⁠Monitor and analyze security alerts from SIEM, EDR, IDS/IPS, and blockchain analytics tools

•⁠ ⁠Develop and tune detection rules and correlation logic to reduce false positives and improve threat detection

•⁠ ⁠Perform threat hunting activities to identify advanced persistent threats and insider risks

•⁠ ⁠Analyze indicators of compromise (IOCs) and threat intelligence feeds relevant to virtual asset services

•⁠ ⁠Monitor for wallet-related security events and potential unauthorized access to custody systems Security Operations

•⁠ ⁠Provide technical guidance and mentorship to SOC L1 analysts

•⁠ ⁠Review and validate security alerts escalated by L1 team members

•⁠ ⁠Participate in vulnerability management program including assessment prioritization and remediation tracking

•⁠ ⁠Support penetration testing activities and remediation verification

•⁠ ⁠Maintain security monitoring dashboards and reporting metrics Compliance & Reporting

•⁠ ⁠Ensure security operations align with all regulatory reporting requirements

•⁠ ⁠Support annual technical and cybersecurity audits

•⁠ ⁠Contribute to monthly activity reports on security incidents

•⁠ ⁠Maintain comprehensive security logs per retention requirements

Essential Requirements

•⁠ ⁠Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field

•⁠ ⁠Minimum 4-5 years of experience in security operations or incident response

•⁠ ⁠Strong understanding of network security, endpoint security, and cloud security principles

•⁠ ⁠Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel)

•⁠ ⁠Experience with EDR/XDR solutions and forensic analysis tools

•⁠ ⁠Knowledge of common attack frameworks (MITRE ATT&CK) and threat intelligence methodologies

•⁠ ⁠Familiarity with incident response frameworks and methodologies

•⁠ ⁠Strong analytical and problem-solving skills

•⁠ ⁠Excellent written and verbal communication skills in Arabic and English

•⁠ ⁠Ability to work in a 24/7 shift environment and be on-call for critical incidents

Preferred Qualifications

•⁠ ⁠Security certifications: GCIH, GCFA, CySA+, CEH, or equivalent

•⁠ ⁠Experience in financial services, fintech, or virtual asset/cryptocurrency industry

•⁠ ⁠Knowledge of blockchain technology, wallet security, and cryptocurrency transaction analysis

•⁠ ⁠Experience with blockchain analytics tools (e.g., Chainalysis, Elliptic)

•⁠ ⁠Familiarity with regulatory requirements for Virtual Asset Service

Providers (VASPs)

•⁠ ⁠Experience with cloud security monitoring (AWS, Azure, GCP)

•⁠ ⁠Scripting abilities in Python, PowerShell, or similar languages for automation

•⁠ ⁠Understanding of MPC (Multi-Party Computation) custody systems and key management

Technical Skills

•⁠ ⁠SIEM administration and correlation rule development

•⁠ ⁠Network traffic analysis and packet inspection

•⁠ ⁠Malware analysis fundamentals

•⁠ ⁠Log analysis across diverse platforms and systems

•⁠ ⁠Vulnerability assessment and management tools

•⁠ ⁠Endpoint detection and response (EDR) platforms

•⁠ ⁠Threat intelligence platforms and feeds

•⁠ ⁠Incident tracking and case management systems