
SOC Analysts: Defining the Difference Between L1/L2/L3 Work
Tags: Cybersecurity, SOC Operations, Incident Response, Career Development
The author of the post works in a managed Security Operations Center (SOC) and describes their daily tasks: 24/7 monitoring of clients' SIEM systems, triaging alerts, and escalating incidents judged to be true positives. They ask whether the in-depth analysis performed before escalation, and the report writing that follows, count as Level 2 (L2) work. The author also doubts how useful the L1/L2/L3 distinction really is, but wants to describe their skills accurately in job interviews.