Senior Security Analyst

Job Description

About the Role We are seeking a skilled Senior Security Analyst to join our SOC team. The ideal candidate will have a strong background in SOC operation and ensure that the SOC team is performing its functions as required and to trouble shoot incidents and events. As a Senior Security Analyst shall also act as the technical SME, and handle critical SOC task, Incident, guiding Level 1 and Level 2, customer communications. Key Roles & Responsibilities: Incident Response and Management Lead the investigation of high-severity security incidents and breaches. Provide expert analysis for complex incidents that L1 and L2 analysts cannot resolve. Develop and execute incident response procedures, including containment, eradication, and recovery. Ensure proper escalation processes are followed for incidents requiring higher expertise. Communicate with stakeholders, such as management and IT teams, to ensure appropriate handling of incidents. Threat Hunting and Analysis Perform proactive threat hunting activities to identify potential vulnerabilities, threats, and attacks before they happen using Splunk / QRadar SIEM. Use threat intelligence feeds to enrich SOC operations and identify emerging threats. Analyze large volumes of security data to detect patterns and anomalies. Security Tool Management Oversee and optimize the usage of security monitoring tools such as Splunk/ QRadar SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection systems. Configure, update, and fine-tune security tools to improve detection capabilities and reduce false positives. Recommend new security tools and technologies to improve SOC operations. Log and Event Analysis Review logs from various sources (network, endpoints, servers, etc.) to identify security incidents. Ensure accurate log data collection and retention practices are followed. Provide in-depth analysis of security alerts and generate reports. Vulnerability Management Conduct vulnerability assessments and prioritize remediation activities for critical vulnerabilities. Collaborate with the IT and development teams to address security flaws and implement patches. Collaboration and Escalation Serve as the point of escalation for L1 and L2 SOC analysts when complex issues arise. Collaborate with other security teams, such as network security, application security, and IT operations, to ensure a comprehensive defense strategy. Work with external partners, including Managed Security Service Providers (MSSPs), to coordinate incident management and threat intelligence sharing. Security Policies and Best Practices Review and recommend improvements to security policies, procedures, and best practices. Ensure that the organization's security policies are being followed and advise on improvements. Conduct regular security awareness training for SOC staff and the broader organization. Reporting and Documentation Generate detailed reports on incidents, security posture, and threats for senior management and relevant stakeholders. Maintain incident logs and documentation to comply with regulatory and internal policies. Ensure all incidents are well-documented with root cause analysis, remediation efforts, and lessons learned. Continuous Improvement Analyze the effectiveness of the SOC's operations and suggest improvements to processes, workflows, and technologies. Stay updated on the latest cyber threats, tools, and techniques. Assist with the development and execution of simulations, exercises, and training to improve SOC capabilities. Compliance and Regulatory Requirements Ensure compliance with SLAs for all projects. Ensure SOC operations meet industry compliance requirements (e.g., GDPR, HIPAA, PCI DSS). Help in audits and compliance assessments related to security operations. Mentoring and Training Provide mentorship and training to junior SOC analysts (L1 and L2). Share knowledge on advanced attack techniques, response strategies, and threat detection methods. Report deviations and concerns to the SOC Manager Basic Qualifications: B.E/B.Tech in Computer Science, Information Technology, Cybersecurity, or a related field. 5+ year of experience and strong foundational knowledge in security operations, SIEM, or IT security. Basic understanding of cybersecurity concepts, networking fundamentals, and security monitoring. Knowledge of IT infrastructure, networking, and cybersecurity principles. Communicate effectively with customers, teammates, and management Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Preferred Qualifications: Certifications in ECIH/GCIH/CISM/CISSP etc. Splunk Certified candidate Exposure to SIEM solutions, specifically Splunk, Qradar ,DNIF or similar platforms. Familiarity with security tools such as EDR, XDR, WAF, DLP, email security gateways, and proxy solutions. Enthusiasm for learning and a strong interest in cybersecurity as a career. Ability to work in a team and adjust to rotational shifts in a high-stakes environment. Knowledge of cloud security and platforms (e.g., AWS, Azure, GCP)