5 - 7 years

7 - 9 Lacs

Posted: 4 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

L2 SOC Analyst

An L2 Analyst will collaborate with security experts, investigate complex incidents, and ensure the security of our critical systems. If you have a passion for cybersecurity and enjoy working in a fast-paced environment, this is the perfect opportunity for you.

Responsibilities

1. Perform deep analysis of security incidents to identify the full kill chain.
2. Perform remediation steps according to the findings, or initiate steps for remediation.
3. Prepare RCA for major incidents.
4. Handle L2 and above level technical escalations from the L1 Operations team and resolve them within SLA.
5. Identify security gaps and recommend new rules/solutions to L3/Customer.
6. Suggest fine-tuning of existing alert rules based on high alert counts or wherever required.
7. Create and manage the incident handling playbook, process runbooks and ad-hoc documents whenever needed.
8. Recommend fine-tuning for alerts with logic and threshold, and possibly the query as well, for the SIEM.
9. Recommend new use cases with logic and threshold, and possibly the query as well, for the SIEM.
10. Respond to client requests, concerns, and suggestions.
11. Proactively support the L1 team during an incident.
12. Perform and review tasks as identified in a daily task list.
13. Ready to work in a 24x7 rotational shift model, including night shifts.
14. Incident detection, triage, analysis and response.
15. Coordinate with customers on their security-related problems and provide solutions.
16. Share knowledge with other analysts on their roles and responsibilities.
17. Provide knowledge transfer to L1, such as advanced hunting techniques, guides and cheat sheets.

Knowledge and Experience

Minimum 5+ years of experience in Security Operations:
- Security event monitoring, alert triage, and thorough incident investigation.
- Research and understand log sources for effective security monitoring.
- Isolate issues, respond to incidents, and mitigate threats swiftly.
- Adjust SIEM rules for better alert and incident specifications.
- Optimize SIEM capabilities, aid in audit/logging, and generate timely reports.
- Conduct vulnerability scans, prioritize findings, and plan remediation.
- Proactively search for suspicious activities through threat hunts.
- Offer valuable threat intelligence to verify security concerns.
- Identify endpoint threats using EDR/AV analysis and Cybereason scans.
- Develop and maintain security operation standards, procedures, and playbooks.

Essential Skills

- Knowledge and hands-on experience with SIEM platforms: Sentinel, Splunk, QRadar or Chronicle.
- Knowledge and hands-on experience with EDR platforms: CrowdStrike, Cybereason, Defender or Carbon Black.
- Strong verbal and written English communication.
- Ability to work with minimal levels of supervision.
- Available to work in a 24x7 Security Operations Centre (SOC) environment (shared MSSP).

Growel Softech Pvt. Ltd.

Information Technology Services

Thane