Posted: 2 weeks ago
Work from Office
Full Time
Job Title: Lead SOC Analyst (Microsoft Sentinel Specialist)
Location: Bangalore (Work from Office)
Department: Security Operations Center (SOC)
Reports To: SOC Manager / Head of Security Operations

Job Summary:
We are seeking a highly skilled and experienced Lead SOC Analyst with deep expertise in Microsoft Sentinel to join our Security Operations Center. The ideal candidate will be responsible for leading threat detection, incident response, and proactive threat hunting activities, with a primary focus on leveraging Microsoft Sentinel and its associated Microsoft Defender XDR ecosystem.

Key Responsibilities:
Lead day-to-day SOC operations, ensuring timely detection, triage, analysis, and response to security incidents.
Design, develop, and fine-tune Microsoft Sentinel analytics rules (KQL), workbooks, playbooks (Logic Apps), and automation rules.
Oversee and improve threat detection use cases, MITRE ATT&CK coverage, and alert tuning in Microsoft Sentinel.
Correlate events from Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud to drive enriched detections.
Perform proactive threat hunting using Sentinel and other available tools.
Guide and mentor SOC Analysts (L1/L2), provide technical escalation support, and help develop their technical capabilities.
Lead or participate in incident response efforts, including forensic investigation and root cause analysis.
Maintain and update SOC documentation, playbooks, and SOPs.
Collaborate with internal teams and customers to provide insights, reports, and continuous improvements.
Stay updated on the latest cyber threats, vulnerabilities, and Microsoft security product enhancements.

Required Skills & Experience:
5+ years of experience in cybersecurity, with at least 2 years of hands-on experience with Microsoft Sentinel.
Strong command of Kusto Query Language (KQL).
Experience with the Microsoft Defender suite (MDE, MDI, MDO, MDC) and its integration with Sentinel.
Solid understanding of SIEM/SOAR concepts, threat detection, incident response, and threat hunting.
Familiarity with the MITRE ATT&CK framework and the NIST/ISO incident response process.
Experience with Azure Logic Apps and automation in Sentinel is a plus.
Hands-on experience in handling advanced persistent threats (APT), phishing campaigns, lateral movement, and data exfiltration incidents.

Preferred Certifications (one or more):
Microsoft Certified: Security Operations Analyst Associate (SC-200)
Certified SOC Analyst (CSA)

Soft Skills:
Strong communication and leadership skills.
Ability to manage priorities and multitask effectively in a high-pressure environment.
Analytical and detail-oriented with a proactive mindset.
Xencia Technology Solutions
Information Technology and Services
50-100 Employees
9 Jobs