Security Operations Center (SOC) Analyst, L2
Lexmark is now a proud part of Xerox, bringing together two trusted names and decades of expertise into a bold and shared vision.
When you join us, you step into a technology ecosystem where your ideas, skills, and ambition can shape what comes next. Whether you’re just starting out or leading at the highest levels, this is a place to grow, stretch, and make real impact—across industries, countries, and careers.
From engineering and product to digital services and customer experience, you’ll help connect data, devices, and people in smarter, faster ways. This is meaningful, connected work—on a global stage, with the backing of a company built for the future, and a robust benefits package designed to support your growth, well-being, and life beyond work.
Role Summary:
We are seeking a Security Operations Center (SOC) Analyst, Level 2 to serve as a key line of defense in protecting Xerox information systems. You will triage and investigate security alerts, correlate evidence across multiple telemetry sources, and drive timely resolution or escalation. This role leverages AI-assisted detection and investigation capabilities to accelerate analysis while maintaining strict independent validation against authoritative telemetry and established runbooks.
Purpose:
Ensure the security and integrity of organizational information systems by proactively monitoring, detecting, and investigating security threats. By maintaining a vigilant and responsive security posture, the SOC Analyst helps protect sensitive data, supports business continuity, and improves detection and response outcomes. The analyst uses AI-assisted capabilities to accelerate triage and investigations, while independently validating model outputs against authoritative telemetry and established procedures.
Scope:
As an L2 SOC Analyst you will primarily focus on deeper analysis of security alerts and incidents that require cross-source correlation, hypothesis-driven investigation, and risk-based decisioning (e.g., monitor vs contain). You will execute response actions that are pre-approved in playbooks, verify outcomes, and escalate exceptions (critical assets, high business impact, ambiguous root cause, or destructive/high-blast-radius actions) to senior SOC/Incident Response resources. You will produce investigation artifacts (timeline, evidence, and queries used) suitable for peer review and audit and contribute to continuous improvement through structured feedback to detection engineering.
Influence:
As a member of Xerox Cyber Security (XCS), the SOC Analyst actively influences the security culture through operational rigor, clear documentation, and disciplined escalation. You will share investigation insights to improve detections, reduce recurring false positives, and strengthen the organization’s overall security posture. You will also participate in security awareness and end-user engagement activities as needed to reinforce secure behaviors and reporting practices.
What You Will Do:
Incident Monitoring, Investigation, and Response:
- Monitor and triage security alerts and events using security tools and technologies (e.g., SIEM, EDR/XDR, IAM/IdP telemetry, email security, cloud audit logs).
- Investigate medium-to-complex alerts to determine scope, impact, and likely root cause; build defensible incident narratives grounded in evidence.
- Perform cross-source correlation and create timelines across endpoint, identity, network, and cloud/SaaS telemetry to validate detections and identify related activity.
- Use hypothesis-driven investigation techniques: generate competing hypotheses, design targeted tests, and update conclusions as the evidence changes.
- Make risk-based decisions aligned to runbooks (e.g., contain vs monitor); document rationale, confidence level, and next steps.
AI-Augmented Investigation and Verification (Key 90-Day Expectation):
- Leverage AI-assisted investigation capabilities (e.g., summarization, enrichment, clustering, prioritization) to accelerate triage and investigations.
- Perform AI-augmented investigations as a core responsibility, using AI tools to enhance hypothesis generation, evidence correlation, and incident analysis.
- Independently validate all AI-generated outputs against authoritative telemetry and established runbooks before taking action.
- Translate “why flagged” signals into evidence-based explanations suitable for peer review.
- Identify and document inconsistencies, hallucinations, and gaps in AI outputs, ensuring accuracy and reliability.
- Execute response actions that are pre-approved in playbooks and verify outcomes with clear documentation of results.
- Escalate cases with complete context including timeline, evidence, impact assessment, actions taken, and recommended next steps.
Documentation, Communication, and Automation Safety:
- Document investigations in the case management system, including queries used, evidence excerpts, timelines, decisions, and residual risk.
- Provide structured feedback to detection engineering and ML stakeholders to improve alert fidelity and reduce false positives.
- Maintain up-to-date knowledge of cybersecurity threats, attacker techniques, detection methodologies, and AI-assisted security operations practices.
Basic Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent practical experience).
- 2+ years of experience in a Security Operations Center, security monitoring, or incident triage/investigation role (Level 2 or equivalent).
- Applied proficiency investigating alerts using SIEM queries/pivots and one or more of the following: EDR/XDR, IAM/IdP telemetry, cloud audit logs, email security, network telemetry.
- Strong analytical and problem-solving skills with the ability to conduct hypothesis-driven investigations and produce defensible conclusions.
- Strong written and verbal communication skills with the ability to collaborate effectively across teams and produce audit-ready documentation.
- Ability to work in a fast-paced environment and manage multiple concurrent investigations.
- Working knowledge of AI-assisted security operations concepts and limitations (e.g., false positives, bias, hallucinations) with a strong emphasis on validation and evidence-based decision making.
- Strong discipline in handling sensitive data and using AI tools responsibly (approved platforms, data minimization, and secure practices).
Preferred Qualifications:
- Certifications such as CompTIA Security+, CEH, GIAC (e.g., GCIH/GCIA/GMON), or similar.
- Experience with MITRE ATT&CK mapping to structure investigations and communicate findings.
- Experience investigating cloud environments (AWS, Azure) and interpreting cloud/SaaS telemetry.
- Experience with scripting or query languages (e.g., Python, PowerShell, SQL) for enrichment and analysis.
- Experience executing SOAR playbooks with human-in-the-loop validation.
- Experience contributing to detection engineering improvements and SIEM tuning.
- Experience using LLM/AI copilots to accelerate investigations while maintaining strict validation and secure data handling practices.