SOC ANALYST TIER 2/3 (Contractor)

November 6, 2025

Other Jobs To Apply

SOC 2/3 Engineer (Remote Contractor): General Duties - Responsible for investigating security incidents and determining their root causes. They review incidents that have been escalated by Tier 1 analysts, who are responsible for collecting data and reviewing alerts. Tier 2/3 analysts use threat intelligence, such as indicators of compromise, TTPs, and company host system/network data sets to assess the alerts, threats and potential incidents in more depth. General Skills - They have deep experience with SIEM tools specifically Crowdstrike SIEM, network data, host data, Identity and Access log data, developing SIEM use cases, reducing/tuning false alerts and leading investigations until issues have been resolved. They will also monitor systems and events across different operating systems, such as Windows, macOS, and Linux. Specific Requirements - <ul> <li>Must have 5+ years recent experience as Tier 2 or 3 analyst at a large organization; government and Critical Infrastructure company preferred. </li> </ul> <ul> <li>Must have strong, demonstrated SIEM and data correlation experience </li> </ul> <ul> <li>Must have demonstrated experience designing new SOC use cases and working with vendor on implementing new use cases. </li> </ul> <ul> <li>Must have experience designing and implementing runbooks and use cases to mitigate security incidents </li> </ul> <ul> <li>Experience designing Incident Response plan, including alert definition, runbooks, escalation, etc.. </li> </ul> <ul> <li>Experience documenting incident response communications for technical and management audiences </li> </ul> <ul> <li>Must have extensive experience reviewing and managing alerts in Microsoft Defender, Splunk </li> </ul> <ul> <li>Must have experience conducting hunts across disparate data sets, to include host data, vulnerability data, threat data, network data, active directory data, among others to identify threats </li> </ul> <ul> <li>Experience leading timely security operations response efforts in collaboration with stakeholders </li> </ul> <ul> <li>Must have experience setting up alert rules and effective alert management </li> </ul> <ul> <li>Demonstrated ability to create runbooks and conducting investigations with key application, IT Infra and other stakeholders </li> </ul> <ul> <li>Experience designing custom SOC SIEM use cases in Defender, Splunk and CRWD </li> </ul> <ul> <li>Experience conducting forensic work investigations </li> </ul> <ul> <li>Strong security operations documentation abilities </li> </ul> Attributes sought - <ul> <li>Must be proactive, problem solver and curious. </li> </ul> <ul> <li>Most be a problem solver </li> </ul> <ul> <li>Must be curious </li> </ul> <ul> <li>Must be analytical, qualitative and quantitative abilities </li> </ul> <ul> <li>Must be adaptive to dynamic environment </li> </ul> **MST or PST shift times**

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...