Work Whale
Find JobsFind WorkersPost a JobHire TalentPricingHow It WorksAbout
Log InSign Up Free
Back to jobs
Work Whale

Connecting great employers with talented remote workers worldwide.

For Workers

  • Browse Jobs
  • Create Profile
  • How It Works

For Employers

  • Post a Job
  • Hire Talent
  • How It Works

Company

  • About Us
  • Pricing
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 Work Whale. All rights reserved.

Built for remote work, made for everyone.

C

SOC Analyst L2

CallTek

Remote Posted Jun 25, 2026
Full TimeCybersecurity

Job Description

As a SOC Analyst L2, you will lead deeper investigations of escalated cases, confirm incidents, determine scope and impact, drive containment actions with internal teams, and produce high-quality technical communications and post-incident outputs. You will also contribute to detection improvement (tuning, new detections, playbook updates). Responsibilities {{:}} Take escalations from L1 and perform in-depth investigations{{:}} hypothesis-driven analysis, evidence validation, scoping, impact assessment, and timeline building. Correlate telemetry across endpoint (EDR), Windows/Linux, AD, firewall/proxy/DNS/IDS, and (when applicable) cloud logs. Recommend and/or coordinate containment actions (host isolation, credential resets, IOC blocks, temporary control changes) following change control and governance. Determine severity and communicate clearly in English to technical stakeholders; provide concise executive-style updates when required. Identify detection gaps and drive improvements{{:}} reduce false positives, close false negatives, propose new rules/use cases. Ensure evidence integrity and proper documentation, coordinate handoffs with IR, IT Ops, Network, and Cloud teams. Produce post-incident deliverables{{:}} probable root cause, lessons learned, and preventive actions. Requirements 2-5 years in SOC/IR/Blue Team (or equivalent demonstrated incident-handling experience). Solid fundamentals in networking{{:}} TCP/IP, DNS, HTTP/S, VPN, NAT. EDR investigations (process trees, persistence, LOLBins behavior, containment workflows). Windows/AD triage (authentication patterns, suspicious logon behavior, account activity) and Linux triage. Network analysis and security controls (firewall/IDS/proxy/DNS), recognizing anomalous patterns. Proven ability to produce defensible scoping and timelines based on evidence. High documentation standards and the ability to perform under pressure. Threat hunting experience and MITRE ATT\&CK mapping. Detection engineering exposure (Sigma/YARA at a basic/intermediate level), use-case design, and SIEM correlation strategy. Basic forensics capabilities (acquisition concepts, triage artifacts, memory/disk fundamentals). Certifications aligned to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.) Strong spoken and written English (B2-High/C1 preferred) — able to lead technical calls, write incident summaries, and investigation notes

Requirements

  • Communication — 1 year
  • Remote Work — 1 year
Competitive salary

Competitive compensation

Apply Now

Sign in to submit your application

About CallTek

C

CallTek

CategoryCybersecurity
TypeFull Time
LocationRemote
ExpiresNo expiry