Tier 2 Team Lead


Croatia, Zagreb – Full time – Apply before 15.07.26

We are looking for a T2 SOC Team Lead to act as the operational and technical link between Tier 1 SOC operations and advanced security functions, including Tier 3 Incident Response, Cyber Threat Intelligence, and Security Engineering.

You will lead a Tier 2 analyst team responsible for in-depth security investigations, incident validation, and accurate escalation of critical threats in a 24/7 global SOC environment. You will ensure high detection and response quality while continuously improving processes, detections, and operational maturity.

This is a hands-on leadership role combining technical execution, incident response expertise, and team leadership.

What you’ll do

  • Lead and coordinate daily Tier 2 SOC operations, including capacity planning, scheduling, and prioritization
  • Own the end-to-end incident lifecycle: from initial triage and analysis through validation of true positives and escalation to Tier 3 Incident Response
  • Investigate and respond to escalated Tier 1 SOC alerts
  • Perform deep technical analysis of security incidents (malware, phishing, endpoint, network, cloud)
  • Assess incident severity, impact, and define containment and remediation actions
  • Conduct threat hunting using SIEM, EDR, and network security tools
  • Analyze logs and telemetry from firewalls, IDS/IPS, EDR, IAM, and cloud environments
  • Develop, tune, and optimize detection rules, alert logic, and use cases
  • Maintain SOC documentation, SOPs, and playbooks
  • Collaborate with Incident Response, Vulnerability Management, and Security Engineering during active incidents
  • Drive post-incident reviews and root cause analysis
  • Provide structured reporting and data-driven insights on SOC performance and detection quality
  • Mentor Tier 1 and Tier 2 analysts and support onboarding of new SOC team members

What you bring

  • 3+ years in cybersecurity, SOC operations, or Incident Response
  • Strong understanding of attack techniques, security concepts, and MITRE ATT&CK
  • Hands-on experience with SIEM platforms (Splunk, Sentinel, QRadar, Elastic)
  • Experience with EDR tools and security analytics platforms
  • Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/S) and basic network forensics
  • Experience analyzing security logs, alerts, and telemetry
  • Understanding of SOC processes, incident response workflows, and security controls
  • Experience in Windows and Linux enterprise environments
  • Strong analytical skills for security event correlation and investigation
  • Ability to make decisions in high-pressure situations
  • Strong communication and reporting skills
  • Proactive, accountable, and team-oriented mindset
  • Excellent English (written and spoken)

What’s in it for you

  • Work in a global SOC environment using advanced tools and modern technologies
  • Ownership of a critical operational security function
  • Continuous learning through certifications, training, and workshops
  • Opportunity to fully develop your potential and grow within your area of responsibility
  • A positive international work environment with a strong focus on quality, collaboration and growth, and active involvement in international projects
  • Exposure to international security projects and complex incidents
  • Hybrid work model with flexible working hours
  • Competitive compensation package
  • Additional and supplementary health insurance
  • Multisport membership
  • Social and team-building activities