L2 SOC Analyst – Quzara (Remote)
Quzara is a specialized cybersecurity firm that focuses heavily on government, DoD, and highly regulated environments. This L2 (Tier 2) SOC Analyst role is a technical escalation point within a 24/7/365 Security Operations Center. As an L2, you are expected to move beyond simple alert monitoring into deep-dive forensic analysis, proactive threat hunting, and end-to-end incident handling using the Microsoft Security Stack.
- Requisition ID: 1044
- Location: 100% Remote (US Citizenship Required)
- Experience Required: 5+ years in a SOC/MSSP/MXDR environment.
- Core Technology: Microsoft Sentinel (SIEM), Defender XDR, Splunk, and KQL/SPL.
- Shift Work: Required (24/7 environment including nights, weekends, and holidays).
Key Responsibilities: Advanced Detection & Response
This role bridges the gap between initial triage and high-level security engineering, requiring a practitioner who can handle “real-time” pressure.
Microsoft Sentinel & XDR Operations
You will be a power user of Microsoft Sentinel and the Defender suite. This includes utilizing Log Analytics and writing complex KQL (Kusto Query Language) and SPL queries to perform security analytics. You are responsible for implementing SIEM/SOAR automations that help the SOC scale its response capabilities.
End-to-End Incident Response
Following the NIST incident response lifecycle (NIST SP 800-61: preparation, detection and analysis, containment, eradication and recovery, post-incident activity), you will own an incident end to end. This includes containment (for example, isolating a host from the network), eradication (removing the attacker's access and tooling), and recovery (restoring the host or service and verifying it is clean). You will also perform the deeper forensic work behind those decisions, such as packet analysis, log correlation across disparate sources, and endpoint forensics.
Threat Hunting & MITRE Mapping
You will conduct proactive threat hunts to identify anomalies that automated alerts might miss. These hunts are structured using the MITRE ATT&CK Framework, ensuring that the SOC is looking for specific adversary behaviors like lateral movement or credential dumping rather than just known malware hashes.
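As an added illustration of the kind of ATT&CK-structured hunting the role describes (this is not Quzara's code or playbook), the two KQL queries below hunt for the adversary behaviours named above, credential dumping (T1003.001, LSASS memory) and lateral movement (T1021), rather than for known malware hashes. They assume the Microsoft Defender XDR advanced-hunting schema (the `DeviceProcessEvents` and `DeviceLogonEvents` tables), which Sentinel exposes when the Defender XDR connector is enabled. The tool-name list and the five-hosts-per-hour threshold are assumptions to tune per environment, and each query is run separately.

```kql
// Added example, not Quzara's own content. Assumes the Defender XDR
// advanced-hunting schema (DeviceProcessEvents, DeviceLogonEvents).
let lookback = 7d;

// ---- Hunt 1: OS Credential Dumping, LSASS Memory (ATT&CK T1003.001) ----
// Matches on behaviour (a process reaching for lsass memory) rather than a
// file hash, so a renamed or recompiled dumper is still surfaced.
// dump_tools is an assumed, tunable allow-list of common dumpers.
let dump_tools = dynamic(["procdump.exe", "procdump64.exe", "rundll32.exe",
                          "taskmgr.exe", "sqldumper.exe", "createdump.exe"]);
DeviceProcessEvents
| where Timestamp > ago(lookback)
// Either the command line names lsass and a known dumper is used, or
// rundll32 is invoking the comsvcs.dll MiniDump export (a living-off-the-land
// technique that needs no dropped binary at all).
| where (ProcessCommandLine has "lsass" and FileName in~ (dump_tools))
     or (FileName =~ "rundll32.exe"
         and ProcessCommandLine has "comsvcs"
         and ProcessCommandLine has "MiniDump")
| extend AttackTechnique = "T1003.001", Tactic = "Credential Access"
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          AttackTechnique, Tactic
| order by Timestamp desc

// ---- Hunt 2: Remote Services, fan-out lateral movement (ATT&CK T1021) ----
// A single human account successfully logging on to many distinct hosts
// over the network within one hour is rare for users and common for an
// attacker spraying stolen credentials.
DeviceLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonSuccess"
    and LogonType in ("Network", "RemoteInteractive")
| where AccountName !endswith "$"          // drop machine accounts
| summarize TargetHosts = dcount(DeviceName),
            Hosts       = make_set(DeviceName, 20),
            SourceIPs   = make_set(RemoteIP, 10)
         by AccountName, AccountDomain, bin(Timestamp, 1h)
| where TargetHosts >= 5                   // assumed threshold; tune per estate
| extend AttackTechnique = "T1021", Tactic = "Lateral Movement"
| order by TargetHosts desc
```

Both queries carry the ATT&CK technique and tactic as output columns so that hits can be tagged consistently in Sentinel incidents and later rolled up into coverage reporting. Before turning a hunt like this into an analytic rule, baseline it over the lookback window: the LSASS query should be near-silent apart from sanctioned tooling (which you then allow-list by signer or path, not by name), while the fan-out query usually needs exclusions for vulnerability scanners, backup agents and admin jump hosts.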
Required Qualifications and Skills
Quzara seeks a “Battle-Tested” analyst who understands the rigors of regulated and government-sector security operations.
- Experience: 5+ years of professional experience as an L2 SOC Analyst.
- Query Proficiency: Expert-level KQL and SPL skills are mandatory for investigation and hunting.
- Technical Breadth: Strong hands-on experience with EDRs (CrowdStrike, SentinelOne) and scripting languages (Python, PowerShell).
- Compliance Knowledge: Experience with DoD, FedRAMP, or CJIS requirements and NIST-based operational compliance.
- Education & Certs: A relevant degree is expected, alongside certifications such as GCIH, GCFA, SC-200 (Microsoft Security Operations Analyst), or CySA+.
Summary of Role Impact
At Quzara, L2 Analysts are the “defensive backbone.” Because the firm handles government and regulated clients, the stakes for every incident are incredibly high. Your ability to distinguish a complex “low-and-slow” attack from a false positive ensures that critical national infrastructure and sensitive data remain protected. By refining playbooks and conducting post-incident reviews, you directly improve the security posture of both Quzara and its global client base.
Job Features
- Job Category: Information Technology, Security, Software Engineering