Keyloop bridges the gap between dealers, manufacturers, technology suppliers and car buyers.
We empower car dealers and manufacturers to fully embrace digital transformation. How? By creating innovative technology that makes selling cars better for our customers, and buying and owning cars better for theirs.
We use cutting-edge technology to link our clients’ systems, departments and sites. We provide an open technology platform that’s shaping the industry for the future. We use data to help clients become more efficient, increase profitability and give more customers an amazing experience. Want to be part of it?
Role Summary
The L2 SOC Analyst plays a critical role in Keyloop’s 24/7 Security Operations Center, responsible for in-depth investigation, analysis, and response to security alerts and incidents. This role acts as the primary escalation point from L1 analysts (internal or MSP) and is accountable for validating incidents, performing root cause analysis, and driving effective containment and remediation actions.
The L2 SOC Analyst is expected to demonstrate strong technical capability across multiple security technologies, contribute to continuous improvement of SOC processes and detections, and support compliance and assurance requirements. The role requires a proactive mindset, strong analytical skills, and the ability to communicate effectively with technical and non-technical stakeholders.
Key responsibilities
Incident Investigation & Response
- Investigate and validate escalated security alerts and incidents from L1 SOC analysts.
- Perform detailed analysis to determine scope, impact, root cause, and attacker activity.
- Lead containment, eradication, and recovery actions in collaboration with IT, engineering, and other security teams.
- Ensure incidents are handled in accordance with defined incident response policies, runbooks, and SLAs.
- Document incidents thoroughly, including timelines, findings, actions taken, and recommendations.
Security Monitoring & Detection
- Actively monitor SIEM dashboards, queues, and alerts as required.
- Validate detection logic and identify false positives, gaps, and improvement opportunities.
- Propose and assist with the development of new SIEM use cases, correlation rules, and alert tuning.
- Support continuous improvement of detection coverage across cloud, on-premise, and SaaS environments.
SOAR & Automation Support
- Execute and validate SOAR playbooks during incident response.
- Identify opportunities for automation to improve response time, consistency, and quality.
- Support the SOC Manager in testing, maintaining, and improving automated workflows.
Security Technology Operations
- Investigate alerts and events from a broad range of security technologies, including:
  - Web content filtering solutions
  - Email security gateways
  - Endpoint Detection & Response (EDR)
  - Managed Detection & Response (MDR)
  - Extended Detection & Response (XDR)
- Correlate events across tools to build a complete incident narrative.
Threat Intelligence
- Consume and analyze threat intelligence relevant to Keyloop’s environment and industry.
- Apply threat intelligence to investigations, detections, and response actions.
- Support proactive threat hunting activities based on emerging threats and attacker techniques.
Escalation & Collaboration
- Act as the escalation point for complex or high-severity incidents.
- Collaborate closely with the SOC Manager, L1 analysts, IT operations, engineering, and third-party providers.
- Escalate incidents appropriately based on severity, impact, and business risk.
Compliance & Assurance Support
- Support SOC-related controls for NIST, ISO/IEC 27001, and SOC 2.
- Ensure investigations, evidence collection, and logging meet audit and regulatory requirements.
- Assist with audit requests by providing incident records, metrics, and operational evidence.
Continuous Improvement & Knowledge Sharing
- Contribute to the creation and maintenance of incident response runbooks and playbooks.
- Participate in post-incident reviews and lessons-learned activities.
- Share knowledge and mentor L1 analysts where appropriate.
- Stay current with evolving threats, attack techniques, and defensive strategies.
Experience and skillsets required:
- 3–6 years of experience in a SOC, security operations, or incident response role.
- Proven hands-on experience investigating and responding to security incidents.
- Practical experience working with SIEM platforms and security alerting systems.
- Exposure to SOAR tools and automated response workflows.
- Experience with endpoint, email, network, and cloud security technologies.
- Familiarity with threat intelligence sources and attacker methodologies.
Skills & Competencies
Technical Skills
- Incident analysis and response
- Log analysis and event correlation
- Endpoint, email, and network security investigation
- Understanding of attacker tactics, techniques, and procedures (e.g., MITRE ATT&CK)
Soft Skills
- Strong analytical and problem-solving ability
- Clear and concise written and verbal communication
- Ability to work under pressure and manage multiple incidents
- Collaborative mindset and willingness to support team objectives
- Attention to detail and disciplined documentation
Why join us?
We’re on a journey to become market leaders in our space – and with that comes some incredible opportunities. Collaborate and learn from industry experts from all over the globe. Work with game-changing products and services. Get the training and support you need to try new things, adapt to quick changes and explore different paths. Join Keyloop and progress your career, your way.
An inclusive environment to thrive
We’re committed to fostering an inclusive work environment. One that respects all dimensions of diversity. We promote an inclusive culture within our business, and we celebrate different employees and lifestyles – not just on key days, but every day.
Be rewarded for your efforts
We believe people should be paid based on their performance, so our pay and benefits reflect this and are designed to attract the very best talent. We encourage everyone in our organisation to explore opportunities that enable them to grow their career, both through investment in their development and by working in a culture that fosters support and unbridled collaboration.
Keyloop doesn’t require academic qualifications for this position. We select based on experience and potential, not credentials.
We are also an equal opportunity employer committed to building a diverse and inclusive workforce. We value diversity and encourage candidates of all backgrounds to apply.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.