L2 Security Analyst

Job Description

About the Team & Culture

You will be joining a team that operates as consultants and partners to our clients, helping them innovate their existing processes and tools. We are focused on efficiency, strong communication, and sustainable learning paths. You will have an impact on the project’s evolution and the chance to contribute your own ideas to build successful client relationships.

The Role

We are looking for a SOC Analyst - Level 2 with strong experience in deeper investigation, incident validation, response recommendations, targeted hunting, and hands-on guidance for the analysts around them.

This is the escalation and deeper-investigation analyst lane. It is expected to take technically demanding cases further than the Level 1 lane, improve case quality across the team, and help shape practical service improvements. It is not a baseline architecture role, and it is not the default owner of recurring detection content or day-to-day platform administration.

This role includes scheduled weekly on-call escalation coverage outside normal working or rota hours, according to the agreed service process.

Key Responsibilities

Operations (Threat Detection & Incident Response)

• Lead the investigation of higher-severity, ambiguous, or fast-moving incidents across available security telemetry and case evidence
• Determine likely root cause, affected identities and assets, probable scope, and the next actions that matter most
• Use targeted hunting and hypothesis-testing workflows to validate suspicious activity and uncover related activity that is not obvious from the initial alert
• Produce clear investigation records and evidence-based response recommendations that support timely decision-making through the customer approval path
• Support clear customer-facing incident handling by turning technical findings into usable evidence summaries and next-step recommendations within the defined case path
• Review escalations from Level 1 analysts and help move difficult cases forward without unnecessary reinvention
•  Provide scheduled weekly on-call escalation support according to the agreed service process • identify visibility gaps, weak alert context, and recurring investigative friction that should feed into detection tuning, playbook refinement, or workflow improvement
•  Propose practical automation ideas where repetitive investigation work can be made faster or more consistent
• Support the technical growth of other analysts through case guidance, review, and operationally useful feedback

Qualifications

Required Skills:

• Strong hands-on experience in SOC, MDR, or incident-response work
• Practical depth in investigation across endpoint, identity, email, cloud, network, and case evidence
• Strong analytical skills for investigation, hunting, and validating suspicious activity
• Ability to assess scope, impact, and urgency in higher-severity cases
• Ability to produce evidence-based recommendations and clear escalation or response records
• Strong written and verbal communication in English
• Ability to guide Level 1 analysts through technically difficult casework
• Willingness and ability to participate in weekly on-call escalation coverage
• Responsible AI literacy, including the ability to use approved AI-assisted workflows cautiously, validate outputs against source evidence, avoid entering customer-sensitive data into unapproved or public AI tools, and avoid treating AI output as evidence, approval, or authority
• Ability to challenge weak AI-assisted analysis from others when it skips evidence validation, creates false confidence, or exceeds the approved operating model

Soft Skills:

• Consultative Approach: Ability to explain technical risks to non-technical business stakeholders.
• Communication: Excellent written and verbal communication in English (German is a strong plus).
• Proactive Mindset: A history of self-driven learning (e.g., setting up a home lab, following security researchers).

Nice to Have:

• 3-5+ years of relevant experience in cybersecurity operations, incident response, or MDR delivery
• Hands-on exposure to Microsoft Sentinel, Microsoft Defender XDR, Cortex XSOAR, Elastic Security, Vectra NDR, or similar security operations platforms
• Strong KQL or equivalent query-language experience for investigation and hunting
• Experience with Logic Apps, SOAR workflows, or operational automation
• Familiarity with ATT&CK-style analysis and coverage discussions
• PowerShell or similar scripting experience for investigation support or workflow improvement • Microsoft SC-200, SC-100, AZ-500, or similar operational security certifications
• German would be an advantage

Additional Information

At Accesa you can

Enjoy our holistic benefits program that covers the four pillars that we believe come together to support our wellbeing, covering social, physical, emotional wellbeing, as well as work-life fusion.

• Physical Wellbeing: Our wellbeing program includes medical benefits, gym support, and personalised fitness options for an active lifestyle, complemented by team events and the Healthy Habits Club.
• Work-Life Fusion: In very dynamic industries such as IT, the line between our professional and personal lives can quickly become blurred. Having a one-size-fits-one approach gives us the flexibility to define the work-life dynamic that works for us.
• Emotional Wellbeing: We believe that to maintain our overall health, we need to invest in our mental wellbeing just as much as we do in our physical health, social connections or in achieving work-life balance.
• Social Wellbeing: As a growing community in a hybrid environment, we want to ensure we remain connected not just by the great work we do every day but through our passions and interests.