The Tier 2 security investigator steps in once a threat has been confirmed as real. Drawing on threat intelligence, which increasingly relies on automation to speed up response, the investigator works to identify the hosts and devices affected by the attack, analyze processes, etc. The investigator is responsible for discovering the sources of the attack, its stages of development, its residence in the protected IT environment, etc. Tier 2 security investigators also have to develop and implement threat mitigation and eradication strategies that minimize the damage and bring the situation to the point where recovery or remediation can begin.

The primary responsibility of this SOC team member is to stop a real attack in time and minimize its consequences. As we stated before, ultimate success depends not only on the tools used and on expertise but also on the efficient work of the Tier 1 analysts.

The skill set of a typical Tier 2 security investigator is similar to that of a Tier 1 analyst, but you should additionally expect system administration, web programming and scripting languages, as well as forensics, malware assessment, and threat intelligence skills. Ethical hacker training is a major advantage.

Trilight Security offers trained security investigators for outsourcing, with experience gained in widely varying IT environments.


Learn About Benefits We Bring


Managed Security Service Providers have already become a new reality for businesses of all sizes. Indeed, a partnership with a true MSSP brings you and your security team more than just a few serious benefits. Download our whitepaper to find out more.


Trilight Security

EU, Estonia, Tallinn,
Harju maakond,
Kesklinna linnaosa,
Vesivärava tn 50-201, 10126

+3728801525