Senior Security Operations Center Analyst || Only Immediate Joiner

7 years

0 Lacs

Posted: 1 month ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Location:

Experience:

Mode:


Note: Only Immediate Joiner


Role Overview

SOC Analyst (L2/L3)

Key Responsibilities

Security Monitoring & Analysis

  • Perform continuous security monitoring using SIEM tools (Splunk/QRadar/ArcSight/LogRhythm).
  • Analyze alerts, logs, network traffic, and endpoint telemetry.
  • Identify false positives and fine-tune detection rules/correlation alerts.
  • Utilize threat intelligence feeds to enrich events and improve detection.

Incident Detection & Response

  • Lead and drive end-to-end Incident Response (IR) activities.
  • Perform deep-dive investigations of security incidents, malware, network attacks, and suspicious activities.
  • Execute containment, eradication, and recovery procedures.
  • Document incidents and generate detailed incident reports & RCA.

Threat Hunting

  • Conduct proactive threat hunting using SIEM, EDR, Threat Intel, and behavioral analytics.
  • Detect anomalies, unknown threats, and lateral movement patterns.
  • Build new detection rules and playbooks from hunt outcomes.

Endpoint & Network Security

  • Analyze endpoint alerts using EDR tools (CrowdStrike, Carbon Black, SentinelOne, Defender for Endpoint).
  • Investigate network-based attacks: DDoS, brute-force, privilege escalation, insider threats, malware, ransomware.

Vulnerability & Risk Management

  • Coordinate with security teams for vulnerability prioritization and remediation.
  • Support risk assessments and recommend mitigation strategies.

Automation & Playbooks

  • Improve SOC efficiency using SOAR tools (Cortex XSOAR, Splunk SOAR, IBM Resilient).
  • Create and update incident response runbooks and automated workflows.

Collaboration & Reporting

  • Work closely with IT, Cloud, Infra, and App teams for resolution.
  • Prepare weekly/monthly security reports, dashboards, and executive summaries.
  • Provide knowledge transfer and mentor junior analysts.

Required Skills & Qualifications

  • 7+ years of experience in SOC operations (L2/L3 role preferred).
  • Hands-on experience with SIEM (Splunk/QRadar/ArcSight/ELK).
  • Strong expertise in EDR, SOAR, and Threat Intelligence.
  • Deep understanding of MITRE ATT&CK, NIST, ISO 27001, and security frameworks.
  • Advanced knowledge of TCP/IP, firewalls, IDS/IPS, proxies, DNS, VPN, and network security concepts.
  • Experience in Incident Response, Malware Analysis, Threat Hunting, and Log Analysis.
  • Ability to write detection rules, correlation searches, and signatures.
  • Strong analytical, documentation, and communication skills.

Preferred Certifications

  • CEH / CHFI
  • CompTIA Security+ / CySA+
  • Splunk Power User / Admin
  • GCIA / GCIH / GMON
  • Azure/AWS Security

Shift

  • Should be flexible for 24/7 rotational shifts.
