Job Description

About us

HR Path Company is the Human Resource Solutions Specialist. As a partner of the leading vendors of the market, it carries out HRIS implementation projects and payroll outsourcing for large accounts as well as for SMEs. HR Path supports you in all your HR strategies, in France and internationally.

The group, established in 2001, has over 1,500 employees and supports more than 1,500 clients. Headquartered in Paris, HR Path also has international subsidiaries in 18 different countries.

We are the most experienced Workday and SuccessFactors partner in APAC.

For more information, visit

Role Overview

The L2 Security Analyst is responsible for advanced monitoring, in-depth incident investigation, and response coordination within the Security Operations Center (SOC). Unlike L1 analysts who focus on detection and triage, L2 analysts perform deep-dive analysis, validate threats, and own incidents until resolution or escalation to L3. The role requires strong technical expertise, analytical skills, and effective communication.

SIEM Monitoring, Detection & Threat Hunting

  • Perform advanced event correlation, behavioral analytics, and proactive threat hunting using SIEM platforms (primarily Splunk).
  • Design, fine-tune, and optimize SIEM detection rules and use cases to improve detection accuracy and significantly reduce false positives.
  • Analyze anomalous user and system behavior, including privilege escalation, lateral movement, suspicious authentication patterns, and data access anomalies.
  • Continuously improve SOC detection coverage by aligning use cases with MITRE ATT&CK techniques and emerging threat trends.

Firewall, Proxy & Email Security Analysis

  • Review and analyze firewall and proxy logs to identify malicious IPs, command-and-control (C2) communications, suspicious outbound traffic, and potential data exfiltration attempts.
  • Investigate email-based threats such as phishing, business email compromise (BEC), spam, and malware-laden attachments using sandboxing, URL reputation checks, and detailed header analysis.
  • Recommend and implement containment and remediation actions, including IP/domain blocking, URL filtering, mailbox remediation, and user account suspension or reset.

Incident Response & Forensics

  • Take end-to-end ownership of security incidents escalated from L1 analysts, ensuring timely investigation and resolution.
  • Conduct thorough root cause analysis (RCA) to identify attack vectors, impacted assets, scope of compromise, and business impact.
  • Perform basic to intermediate forensic analysis, including log correlation, file hash verification, IOC validation, and timeline reconstruction.
  • Collaborate closely with IT, Network, Cloud, and Endpoint teams to contain, eradicate, and recover from security incidents in line with established playbooks.

SLA Management & Reporting

  • Ensure strict adherence to defined SLAs for incident acknowledgment, investigation, escalation, and closure.
  • Prepare comprehensive incident reports for internal management and external clients, detailing findings, actions taken, and preventive recommendations.
  • Contribute to monthly and quarterly SOC performance reports, metrics, and continuous improvement initiatives.

Collaboration, Mentorship & Escalation

  • Provide technical guidance and mentorship to L1 analysts, supporting effective triage, analysis, and escalation decisions.
  • Escalate highly complex incidents, advanced persistent threats (APTs), or sophisticated attack campaigns to L3 SOC or Threat Hunting teams.
  • Participate in client calls, security reviews, audits, and compliance discussions as a technical SOC representative.

Required Skills & Competencies

  • Strong understanding of network security fundamentals and protocols, including TCP/IP, DNS, HTTP/HTTPS, VPNs, IPS/IDS, and common attack techniques.
  • Proven proficiency with SIEM platforms and large-scale log analysis.
  • Hands-on experience with firewall, proxy, EDR, and email security technologies.
  • Working knowledge of malware analysis fundamentals, threat intelligence feeds, and IOC enrichment and validation.
  • Solid understanding of the incident response lifecycle and industry frameworks such as NIST and ISO.
  • Excellent communication and documentation skills, with the ability to clearly present technical findings to both technical and non-technical stakeholders.
  • Willingness and ability to work in a 24/7 rotational shift environment.

Preferred Certifications

(Not mandatory, but highly desirable for SOC L2 roles)

  • CompTIA Security+ or CySA+
  • EC-Council CEH or ECIH (Incident Handler)
  • Splunk Core Certified Power User or QRadar SIEM Certification
  • Microsoft SC-200 (Security Operations Analyst)
  • Fortinet NSE 4 or Palo Alto PCNSA
  • AWS or Azure Security Fundamentals (cloud security exposure is a plus)

Education & Experience

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or an equivalent field.
  • 3–6 years of hands-on experience in SOC operations, security monitoring, or incident response.
  • Demonstrated experience handling incidents end-to-end and mentoring or supporting junior SOC analysts (L1).

Apply for this Position

Ready to join? Click the button below to submit your application.
