NTG

Security Operations Center (SOC) Tier II Analyst

NTG, Tampa, Florida, us, 33646



Position Summary

The SOC Tier II Analyst serves as the technical lead within NTG’s 24x7x365 Security Operations Center, providing advanced threat detection, incident response, and technical escalation support. This individual collaborates with Tier I analysts, engineers, and client stakeholders to ensure continuous protection, monitoring, and improvement of enterprise environments. The Tier II Analyst functions as a hands‑on technical professional and mentor, guiding daily SOC operations, tuning security tools, and leading client‑facing discussions on security posture and incident response.

Essential Duties and Responsibilities

Threat Detection, Analysis, and Response

Perform advanced threat analysis to identify, assess, and mitigate cybersecurity incidents, vulnerabilities, and insider threats.

Lead investigations using SIEM platforms—Splunk, Fortinet, and Microsoft Sentinel—to detect anomalous or malicious activity.

Execute comprehensive incident response processes, including triage, containment, eradication, and recovery actions.

Conduct forensic analysis and log correlation to determine root causes and attack vectors.

SOC Operations and Tool Optimization

Operate and optimize SOC tools, including SIEM (Splunk), IDS/IPS, EDR, and network security appliances.

Collaborate with client Splunk Engineers to refine correlation searches, alerts, and dashboards for improved accuracy and signal‑to‑noise ratio.

Participate in regular “scan” meetings for change management and Splunk tuning review.

Develop and implement tuning recommendations, automation scripts, and detection improvements.

Leadership and Mentorship

Act as the technical lead in the room, providing escalation support and guidance to Tier I analysts.

Mentor and coach junior analysts on threat‑hunting techniques, SOC procedures, and best practices.

Organize and follow up on assigned tasks, tickets, and ongoing investigations.

Lead and document after‑action reviews (AARs) following major incidents.

Client and Stakeholder Communication

Represent NTG during weekly client meetings and present technical updates in non‑technical language.

Collaborate closely with the SOC Manager and customer counterparts to maintain situational awareness and ensure transparent communication.

Deliver concise, actionable reporting on ongoing incidents, emerging threats, and mitigation progress.

Process Improvement and Documentation

Assist in developing, maintaining, and improving SOC playbooks, runbooks, and SOPs.

Capture lessons learned and integrate them into process improvements.

Contribute to strategic detection engineering and threat‑hunting initiatives.

Requirements

Minimum Qualifications (Knowledge, Skills, and Abilities)

Must be a US citizen with the ability to obtain a federal security clearance.

Minimum of 4‑5 years of experience in cybersecurity or SOC operations, including Tier I/II support.

Proficiency with Splunk (searches, dashboards, correlation rules, tuning, and administration).

Strong understanding of cybersecurity concepts, attack vectors, and the MITRE ATT&CK framework.

Hands‑on experience with EDR, IDS/IPS, firewalls, and forensic tools.

Familiarity with NIST and ISO 27001 security frameworks.

Excellent written and verbal communication; able to convey complex security issues clearly to non‑technical audiences.

Strong client‑facing demeanor and composure under pressure.

Team‑oriented with leadership qualities and a proactive, mentoring mindset.

Preferred Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, or related discipline.

Basic scripting or automation skills (Python, PowerShell).

CISSP, CEH, or GIAC certifications such as GCIH, GCIA, or GCFA.

Splunk Certified Power User / Administrator strongly preferred.

Security+ CE (minimum baseline for DoD 8570/8140 compliance).

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

EEO Statement

Northern Technologies Group is an equal‑opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law.

Travel

10%

Shift

On‑site, Monday - Friday, 8:00am to 5:30pm

Job Level and Type

Mid‑Senior level

Full‑time

Job Function and Industry

Other, Information Technology, and Management

IT Services and IT Consulting
