As a SOC Analyst L2, you will lead deeper investigations of escalated cases, confirm incidents, determine scope and impact, drive containment actions with internal teams, and produce high-quality technical communications and post-incident outputs. You will also contribute to detection improvement (tuning, new detections, playbook updates).
Responsibilities:
- Take escalations from L1 and perform in-depth investigations: hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building.
- Correlate telemetry across endpoint (EDR), Windows/Linux, AD, firewall/proxy/DNS/IDS, and (when applicable) cloud logs.
- Recommend and/or coordinate containment actions (host isolation, credential resets, IOC blocks, temporary control changes) following change control and governance.
- Determine severity and communicate clearly in English to technical stakeholders; provide concise executive-style updates when required.
- Identify detection gaps and drive improvements: reduce false positives, close false negatives, propose new rules/use cases.
- Ensure evidence integrity and proper documentation, coordinate handoffs with IR, IT Ops, Network, and Cloud teams.
- Produce post-incident deliverables: probable root cause, lessons learned, and preventive actions.
Requirements:
- 2–5 years in SOC/IR/Blue Team (or equivalent demonstrated incident-handling experience).
- Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
- EDR investigations (process trees, persistence, LOLBins behavior, containment workflows).
- Windows/AD triage (authentication patterns, suspicious logon behavior, account activity) and Linux triage.
- Network analysis and security controls (firewall/IDS/proxy/DNS), recognizing anomalous patterns.
- Proven ability to produce defensible scoping and timelines based on evidence.
- High documentation standards and the ability to perform under pressure.
- Threat hunting experience and MITRE ATT&CK mapping.
- Detection engineering exposure (Sigma/YARA at a basic/intermediate level), use-case design, and SIEM correlation strategy.
- Basic forensics capabilities (acquisition concepts, triage artifacts, memory/disk fundamentals).
- Certifications aligned to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).
- Strong spoken and written English (B2-High/C1 preferred) — able to lead technical calls, write incident summaries, and investigation notes.
For more than two decades, CallTek has been a global leader in delivering secure, compliant, and reliable white-label technical support services. As a Managed Service Provider (MSP), we offer 24/7 engineering, software development, field service, and customer support to technology operators and service providers worldwide. Our team of over 10,000 skilled professionals manages more than 20,000 buildings and one million enterprise network appliances globally. We are dedicated to security and privacy, adhering to the highest industry standards, including PCI-DSS, ISO 27001, SOC 2, and GDPR. This commitment ensures that our partners' data is protected and their operations are compliant with global regulations. CallTek combines its expertise as an MSP with innovative technology. We've developed proprietary platforms such as Odyssey CX, powered by artificial intelligence (AI) and natural language processing (NLP), that integrate seamlessly with your existing systems to deliver deep customer insights. Our dedication to excellence extends to our 24/7 Live Customer Support and Field Service teams, who are available across 35,000 zip codes, including certified low-voltage Ekahau technicians ready to resolve break-fix jobs and perform Wireless Site Surveys. Headquartered in Irvine, CA, CallTek has a global footprint with offices in nine countries, including the Dominican Republic, Colombia, Egypt, Guatemala, Honduras, India, Mexico, the Philippines, and the United States. Recognized for our unwavering commitment to security, privacy, and innovation, CallTek was named one of the Best Employers by The Philippine Daily Inquirer in 2023 and 2004. For more information on how CallTek can securely support your business with cutting-edge solutions, visit calltekinc.com.