About the role
The L2 Security Analyst is responsible for handling complex cybersecurity incidents and performing advanced forensic analysis to identify root cause and impact. They also coordinate the response to critical events to ensure efficient incident resolution.
They improve security tools by developing detection rules, support Tier 1 analysts, and collaborate with other teams. Their main goal is to detect, prevent, and respond to advanced threats, protecting critical infrastructure and sensitive information.
Key Responsibilities
- Advanced Analysis & Incident Handling: Perform deeper and more detailed analysis of incidents, managing complex and critical threats while evaluating their sophistication and potential impact.
- Incident Coordination & Escalation: Handle high‑complexity incidents, coordinate responses, and escalate to specialized teams when necessary to ensure effective resolution.
- Forensic Investigation & Root Cause Analysis: Conduct forensic investigations to identify the origin, scope, and impact of incidents, collecting evidence where required.
- Detection Improvement & Tool Optimization: Create and fine‑tune detection rules, signatures, and behavioral profiles while improving the performance of SIEM, EDR, and other security tools.
- Technical Support & Training: Provide guidance and technical advice to Tier 1 analysts and deliver training on emerging threats, tactics, and tools.
- Threat Intelligence & Vulnerability Management: Integrate threat intelligence into operations and carry out vulnerability assessments to identify and mitigate risks.
- Process, Policy & Reporting: Review and improve security processes and policies, and prepare detailed executive reports to support decision‑making.
- Collaboration & Continuous Improvement: Work closely with internal teams (risk, compliance, etc.), participate in advanced cyber drills, and drive ongoing improvements in incident response.
Required Skills
- Strong analytical and problem‑solving skills
- Excellent written and verbal communication skills
- Knowledge of security best practices and concepts
- High ability to multi‑task, prioritize, coordinate, work well under pressure, and meet deadlines
- Strong understanding of the TCP/IP protocol suite, sufficient to detect and understand malicious traffic
- Experience in SIEM operation & tooling (IBM QRadar, Splunk, Microsoft Sentinel, Chronicle)
- Experience in EDR operation & tooling (MS Defender, Symantec, CrowdStrike Falcon, among others)
- Experience operating network components, or general networking knowledge
- Experience in incident, problem, and/or change management
- Knowledge of operating systems and basic scripting skills
Benefits
- Wellbeing Hub – full program to support physical and mental wellbeing.
- Flexible Compensation Plan – choose benefits that fit your needs (medical insurance, transportation, training, meal card or allowance, childcare vouchers, etc.).
- Continuous Learning – access to various learning platforms (Mylearning, Capgemini University, Coursera, Udemy, etc.).
- Volunteer & Social Impact Programs – participate in sustainability, inclusion, and equality groups.
- Buddy Program – receive personalized support during your first months.
- Life & Accident Insurance – additional protection and peace of mind.