IAM Operations(L2)(IAM+SOC+VM) (Exp required 4 To 6 years)

JD- L2 Squad- Senior Associate

Squad (TDR, IAM, VM, SecOps) Senior Associate Operations Sr. Associate L2

The Cybersecurity L2 Analyst acts as an advanced technical contributor responsible for incident investigation, platform operations, vulnerability analysis, IAM operations, and cross-tower support across TDR, IAM, VM, and SecOps. This role performs deeper analysis than L1, handles escalations, optimizes detection logic, drives improvements, and ensures operational excellence. The L2 Analyst collaborates with L3, engineering teams, platform teams, and client stakeholders to ensure a stable, resilient, and effective cybersecurity environment.

• Share and collaborate effectively with others, creating a positive team spirit.
• Identify and make suggestions for improvements when problems and/or opportunities arise.
• Validate data and analysis for accuracy and relevance.
• Follow risk management and compliance procedures.
• Keep up to date with developments in your area of specialty.
• Communicate confidently in a clear, concise, and articulate manner - verbally and in written form.
• Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients.
• Uphold the firm's code of ethics and business conduct.

Required Skills & Qualifications

• 36 years of relevant experience in SOC, VM, IAM, or SecOps operations.
• Strong hands-on experience with SIEM, EDR, VM tools, IAM platforms, Network Security tools like Web, Email gateway, DLP and ITSM systems.
• Proficient in creating detection logic, correlation rules, and performing threat analysis.
• Solid understanding of networking, OS security, identity governance, and vulnerability assessment methodologies.
• Strong communication, documentation, and analytical skills.
• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field.

Preferred Skills

• Experience with scripting (Python, PowerShell, Bash).
• Knowledge of cloud platforms (Azure/AWS/GCP).
• Understanding of MITRE ATT&CK, vulnerability scoring, threat intelligence.
• Security certifications such as Security+, CEH, AZ-900, ITIL & other relevant skill

Key Responsibilities:

1. Security Monitoring & Incident Response

• Monitor SIEM, EDR, and threat intel dashboards for advanced threat patterns.
• Conduct deep-dive investigations into suspicious activity and escalate to L3 as needed.
• Execute containment, eradication, and remediation actions on confirmed incidents (where preapproved).
• Perform advanced alert tuning, write detection logic, correlation rules, and enrichment logic.
• Document investigation steps, timelines, actions taken, conclusions, and lessons learned.

2. Vulnerability Management & Risk Analysis

• Perform daily health checks on scanners, credential states, asset discovery, and SLA breach monitoring.
• Run and analyze network, container, cloud, agent-based, and web-app scans.
• Maintain credential hygiene, tag governance, and asset deduplication.
• Validate false positives, categorize exceptions, and assign remediation tasks.
• Configure RBVM systems with threat-feed weighting, MITRE ATT&CK mapping, and crown-jewel tagging.
• Manage and document exception workflow, review compensating controls, evidence validation, and SLA adjustments.

3. IAM Operations (L2 Level)

• Perform manual provisioning into enterprise applications (AD, SAP, JDE, Oracle).
• Manage certificate lifecycle activities, ensuring renewals before expiry.
• Execute SOP-driven IAM workflows for PAM, IGA, and Access Management.
• Validate IAM tickets for completeness, risk, and compliance before escalating.
• Provide evidence for audits related to provisioning/deprovisioning.

4. Operational Reporting & SLA Governance

• Produce weekly and monthly operational metrics, SLA reports, and deviation analysis.
• Identify outliers, noise patterns, abnormalities, and propose tuning or process enhancements.

5. Application & System Maintenance (TDR, IAM, VM, SecOps)

• Perform routine platform health checks, backup verification, scheduled job validation, and ensure system stability.
• Validate multi-source log ingestion, troubleshoot ingestion failures, and coordinate with platform teams for fixes.
• Handle break-fix scenarios, analyze root causes, and implement corrective actions.
• Manage user administration for security tools (access, roles, entitlements).

6. Ticketing, Queue Management & Workflow Assurance

• Oversee remediation ticket queues, ensuring ageing tickets are escalated or followed up appropriately & the mailbox for the inbound mails.
• Validate support requests (false positives, exceptions, reassignments) before escalating to L3.

7. Documentation, Knowledge Management & Training

• Maintain detailed documentation of daily operations, incident logs, troubleshooting steps, configuration changes, and platform updates.
• Create and update SOPs, runbooks, playbooks, training documents, and knowledge articles.
• Provide training and knowledge transfer to L1 analysts and new joiners.

8. Continuous Improvement & Automation

• Identify opportunities for automation using SOAR, scripting, AI or workflow tools.
• Participate in Policy tuning and optimization of tools across SOC, IAM, VM, and SecOps.

9. Compliance & Governance Support

• Assist in maintaining compliance with standards such as ISO 27001, SOC2, NIST, GDPR.
• Support audit readiness through artifact preparation and evidence maintenance.

10. Cross-Team Collaboration

• Work with cybersecurity architects, platform engineers, and client SMEs to address systemic issues.
• Participate in war rooms, incident post-mortems, and Root cause analysis discussions.

11. Customer Communication

• Provide timely updates to clients on investigations, remediation progress, and ticket status.
• Participate in operational review meetings to present operational insights.