Tier 2 Team Lead
Croatia, Zagreb – Full time – Apply before 15.07.26

We are looking for a Tier 2 SOC Team Lead to act as the operational and technical link between Tier 1 SOC operations and advanced security functions, including Tier 3 Incident Response, Cyber Threat Intelligence, and Security Engineering.
You will lead a Tier 2 analyst team responsible for in-depth security investigations, incident validation, and accurate escalation of critical threats in a 24/7 global SOC environment. You will ensure high detection and response quality while continuously improving processes, detections, and operational maturity.
This is a hands-on leadership role combining technical execution, incident response expertise, and team leadership.
What you’ll do
- Lead and coordinate daily Tier 2 SOC operations, including capacity planning, scheduling, and prioritization
- Own the end-to-end incident lifecycle: from initial triage and analysis through validation of true positives and escalation to Tier 3 Incident Response
- Investigate and respond to escalated Tier 1 SOC alerts
- Perform deep technical analysis of security incidents (malware, phishing, endpoint, network, cloud)
- Assess incident severity, impact, and define containment and remediation actions
- Conduct threat hunting using SIEM, EDR, and network security tools
- Analyze logs and telemetry from firewalls, IDS/IPS, EDR, IAM, and cloud environments
- Develop, tune, and optimize detection rules, alert logic, and use cases
- Maintain SOC documentation, SOPs, and playbooks
- Collaborate with Incident Response, Vulnerability Management, and Security Engineering during active incidents
- Drive post-incident reviews and root cause analysis
- Provide structured reporting and data-driven insights on SOC performance and detection quality
- Mentor Tier 1 and Tier 2 analysts and support onboarding of new SOC team members
What you bring
- 3+ years in cybersecurity, SOC operations, or Incident Response
- Strong understanding of attack techniques, security concepts, and MITRE ATT&CK
- Hands-on experience with SIEM platforms (Splunk, Sentinel, QRadar, Elastic)
- Experience with EDR tools and security analytics platforms
- Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/S) and basic network forensics
- Experience analyzing security logs, alerts, and telemetry
- Understanding of SOC processes, incident response workflows, and security controls
- Experience in Windows and Linux enterprise environments
- Strong analytical skills for security event correlation and investigation
- Ability to make decisions in high-pressure situations
- Strong communication and reporting skills
- Proactive, accountable, and team-oriented mindset
- Excellent English (written and spoken)
What’s in it for you
- Work in a global SOC environment using advanced tools and modern technologies
- Ownership of a critical operational security function
- Continuous learning through certifications, training, and workshops
- Opportunity to fully develop your potential and grow within your area of responsibility
- A positive international work environment with a strong focus on quality, collaboration and growth, and active involvement in international projects
- Exposure to international security projects and complex incidents
- Hybrid work model with flexible working hours
- Competitive compensation package
- Additional and supplementary health insurance
- Multisport membership
- Social and team-building activities