Incident Response Analyst - L2
Job description
Overview: SOFTSWISS is looking for an Incident Response Analyst (L2) to join our Security Operations team. In this role, you will investigate complex security incidents, handle L1 escalations, and help improve our detection and incident response capabilities. Purpose of the role: You will be responsible for investigating complex cybersecurity incidents, handling escalations from L1, and enhancing our SOC detection and incident response capabilities. We're looking for someone with an incident-driven mindset who can analyze attack chains, validate hypotheses, and make evidence-based decisions to effectively identify, investigate, and contain security threats. Key responsibilities: Investigate and respond to complex security incidents throughout the entire incident lifecycle Perform digital forensic investigations, malware analysis, and evidence collection to determine the scope and root cause of security incidents Analyze attack techniques, correlate security events, and reconstruct attack timelines Develop and improve SIEM detections, correlation rules, and incident response playbooks Conduct threat hunting activities and reduce false positives through detection tuning Automate repetitive SOC activities using scripting where appropriate Collaborate with Infrastructure, Development, IT, and Security teams during incident response Mentor L1 analysts by providing technical guidance and feedback Required Experience: 3+ years of experience in SOC, Incident Response, DFIR, or MSSP environments Strong understanding of modern cyber threats, attack techniques, and frameworks such as MITRE ATT&CK and the Cyber Kill Chain Hands-on experience investigating security incidents, performing digital forensics, and malware analysis Hands-on experience with SIEM platforms (e.g. Splunk, Wazuh, ClickHouse, Redash), including writing complex search queries, correlating events, and investigating large volumes of security data Good understanding of enterprise infrastructure, including Windows, Linux, macOS, Active Directory, email systems, Kubernetes, Docker, and databases Experience with automation using Python, PowerShell, or Bash Knowledge of Kubernetes and Docker security concepts Strong analytical mindset, problem-solving skills, and effective communication in cross-functional environments Intermediate or higher English level Nice to have: Experience with Threat Hunting, Network Traffic Analysis (NTA), or cloud security (AWS) Familiarity with CI/CD and Infrastructure as Code (e.g. Terraform, Ansible) Participation in Red Team or Purple Team exercises Industry certifications such as GCIA, GCIH, GCED, OSCP, CEH, or Splunk certifications Familiarity with security frameworks such as NIST Our Benefits: Private health insurance Sports benefits Comprehensive Mental Health Program Free English lessons (online) Local language courses Paid time off Maternity leave support Referral program rewards Upskilling, internal workshops, and participation in professional conferences and corporate events