Security Operations Center Analyst (T2)

The SOC Tier 2 Analyst is an experienced member of the Security Operations Center, responsible for advanced monitoring, investigation, and coordination of security events. This role serves as the bridge between Tier 1 monitoring activities and higher level incident response teams, ensuring timely triage, deeper analysis, and smooth operational workflow. The Tier 2 Analyst also provides guidance to Tier 1 analysts and contributes to the continuous improvement of SOC processes and detections. Key Responsibilities: • Security Monitoring & Incident Handling • Perform all core Tier 1 monitoring duties, including: Reviewing and responding to alerts in SIEM/SOAR queues. • Monitoring SOC dashboards, EDR, and team mailboxes for security related events. • Tracking team-related SNOW tickets and ensuring timely handling. • Observing health dashboards, identifying anomalies, and notifying Tier 3 when needed. • Ensuring consistency across security systems and reporting any discrepancies. • Triaging and remediating alerts, escalating complex cases to Tier 3 or Incident Response teams (CIRT). • Advanced Analysis & Support • Conduct deeper investigation of security events escalated from Tier 1. • Support Tier 1 analysts with unusual or ambiguous cases, providing guidance and technical direction. • Work on improving and validating new detection rules and assisting with enhancements to existing SOC use cases. • Operational Coordination • Coordinate team schedules and ensure proper coverage within the shift. • Reassign workload or tasks within the team when necessary, especially during peak activity or heavy case volumes. • Prepare and distribute daily and weekly summaries highlighting notable detections, trends, and observations. • Technical Troubleshooting • Perform basic SIEM troubleshooting tasks  Here's What You'll Need: • 2+ years experience in SOC or other Cyber Security related role. • Proficiency with SIEM and SOAR platforms. • Solid understanding of network security (firewalls, IDS/IPS), Windows/Linux internals, and authentication/authorization models (Kerberos, OAuth, SAML). • Ability to perform log correlation, timeline building, and evidence triage using common tools (EDR, SIEM, sandboxing, packet capture). • Working knowledge of scripting languages like Python or PowerShell for investigation, data parsing, and workflow automation. • Knowledge of threat intelligence platforms and creating detections from TTPs/IOCs. • Practical knowledge of compliance/regulatory environments and how they influence SOC operations. • Willingness to work 12-hour shifts, with every other weekend off (Panama Shift Schedule) Nice to have: • Bachelor’s degree in Computer Science or Cyber Security. • Knowledge of programming languages (C#, Java, etc.). • GitHub/Git or other version control system experience. • Knowledge of database administration and writing queries (SQL). • Understanding of server administration in both Linux and Windows platforms. We offer: • Rewarding employment - full-time employment with a salary that matches your qualifications • Hybrid work model - enjoy the flexibility of working from home, with just several office days per month • Comprehensive benefits, including Lux Med medical care, psychological support, life insurance, My Benefit cafeteria system, Multisport card co-financing, and a car/bike park sharing system • Co-financed holidays - enjoy "Wczasy pod Gruszą" for a well-deserved break • Global projects - engage in exciting international projects • Inclusive networks - join our diverse employee networks like Women's Network, OneWorld, PRISM, Careers Network, Green Team, SpeakUp, Collectively, and more • Continuous learning - participate in our Graduate Development Program, Learners’ Community, and self-learning platforms • Language courses - enhance your skills with courses in English, German, and Polish We know that if we are inclusive, we’re more connected, and if we are diverse, we’re more creative. We accept people for who they are. Find out more about life at Jacobs. As a Disability Confident employer, we will interview all disabled applicants who meet the criteria for a vacancy. If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team recruitmentpoland@jacobs.com