Forvis Mazars in Qatar

CSOC Data Analyst L2

  • Doha, QA
  • Contract

Job responsibilities:

· Responsible for overall design, operation, maintenance and continuous improvement of the data, analytics and artificial intelligence platforms used by the Security Operations Center (further referenced as SOC). Responsibilities and duties are planned as follows:

· Continuous maintenance of the data pipelines, analytics platforms and AI models used by the Security Operations Center; including data ingestion, normalization, feature extraction, model training and deployment.

· Ensuring the overall health of the SOC data platform, analytics engines, machine learning models, and AI-assisted detection systems.

· Manage verification, validation, tuning, and quality of security telemetry including logs, NetFlow/IPFIX, EDR data, threat intelligence feeds and other SOC data sources.

· Develop, train, validate and tune machine learning and analytics models used for:
    · Anomaly detection
    · Threat classification
    · Behavioral analysis
    · Alert prioritization and risk scoring

· Deploy and tune detection models and analytic use cases driven by security intelligence, threat hunting and incident response requirements.

· Implement analytic use cases as required by Security Intelligence, Tier-2 and Tier-3 teams.

· Manage and coordinate data source onboarding, integration, normalization, enrichment and troubleshooting for all SOC telemetry sources.

· Manage access and permissions for data platforms, analytics environments and AI systems used by the SOC.

· Ensure that security data sources are correctly feeding the analytics and AI platforms.

· Generate analytical reports, dashboards and model outputs as required by SOC management, threat hunting and incident response teams.

· Configuration, management, performance tuning and capacity planning of SOC data, analytics and AI platforms.

· Support proof-of-concepts (POCs) for new SOC data sources, analytics techniques and AI-driven security capabilities.

· Review vendor, open-source and research developments in security analytics, machine learning and AI relevant to SOC operations.

· Should have good knowledge of the following systems, solutions, security tools and skills:

· Knowledge of MS Windows and UNIX-based systems.

· Knowledge of data engineering and big-data platforms (data pipelines, stream processing, data lakes).

· Knowledge of security telemetry including SIEM data models, NetFlow/IPFIX, EDR telemetry and threat intelligence formats.

· Knowledge of machine learning and analytics techniques including anomaly detection, classification, clustering and statistical modeling.

· Knowledge of AI-driven SOC technologies including LLM-based assistants, automated enrichment and detection analytics.

· Familiarity with MITRE ATT&CK, incident response lifecycle and threat hunting methodologies.

· Problem-solving skills to identify data quality, detection gaps and model performance issues.

· Communication with SOC teams (Tier-1, Tier-2, Tier-3) to align analytics and AI capabilities with operational needs.

· Communication with vendors and data providers related to SOC analytics, telemetry and AI platforms.

Required certifications in:

· Data engineering, analytics or AI platforms (Cloudera, Databricks, AWS, Azure, GCP, etc.)
