# SOC Analyst L2

> CallTek · Philippines (Remote) · Full-time · Posted 2026-06-25

**Workplace:** remote

## Description

As a SOC Analyst L2, you will lead deeper investigations of escalated cases, confirm incidents, determine scope and impact, drive containment actions with internal teams, and produce high-quality technical communications and post-incident outputs. You will also contribute to detection improvement (tuning, new detections, playbook updates).

**Responsibilities:**

-   Take escalations from L1 and perform in-depth investigations: hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building.
-   Correlate telemetry across endpoint (EDR), Windows/Linux, AD, firewall/proxy/DNS/IDS, and (when applicable) cloud logs.
-   Recommend and/or coordinate containment actions (host isolation, credential resets, IOC blocks, temporary control changes) following change control and governance.
-   Determine severity and communicate clearly in English to technical stakeholders; provide concise executive-style updates when required.
-   Identify detection gaps and drive improvements: reduce false positives, close false negatives, propose new rules/use cases.
-   Ensure evidence integrity and proper documentation; coordinate handoffs with IR, IT Ops, Network, and Cloud teams.
-   Produce post-incident deliverables: probable root cause, lessons learned, and preventive actions.

## Requirements

-   2–5 years in SOC/IR/Blue Team (or equivalent demonstrated incident-handling experience).
-   Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
-   EDR investigations (process trees, persistence, LOLBins behavior, containment workflows).
-   Windows/AD triage (authentication patterns, suspicious logon behavior, account activity) and Linux triage.
-   Network analysis and security controls (firewall/IDS/proxy/DNS), recognizing anomalous patterns.
-   Proven ability to produce defensible scoping and timelines based on evidence.
-   High documentation standards and the ability to perform under pressure.
-   Threat hunting experience and MITRE ATT&CK mapping.
-   Detection engineering exposure (Sigma/YARA at a basic/intermediate level), use-case design, and SIEM correlation strategy.
-   Basic forensics capabilities (acquisition concepts, triage artifacts, memory/disk fundamentals).
-   Certifications aligned to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).
-   Strong spoken and written English (B2-High/C1 preferred) — able to lead technical calls, write incident summaries, and investigation notes.

## Apply

[Apply at CallTek](https://apply.workable.com/staff4me/j/8E247AFFC5/apply)

