Posted: 1 week ago | Platform: Naukri

Work Mode: Work from Office

Job Type: Full Time

Job Description

The L2 analyst will be responsible for advanced monitoring, analysis, and incident response activities, acting as an escalation point for L1 analysts. The role requires strong technical expertise, problem-solving skills, and the ability to handle complex security incidents while ensuring timely containment and remediation.


Experience required: Candidates must have 4-5 years of total experience, of which 2-3 years must be in a SOC or Cybersecurity Operations role.

Knowledge:

Incident detection, triage, containment, eradication and recovery processes.
Writing incident reports with root cause analysis and recommendations.
Knowledge of security incident investigative techniques.
Knowledge of SOAR platforms for workflow automation.

Skills required:

Hands-on experience with SIEM tools (e.g., Splunk, LogRhythm, QRadar, ArcSight).
Strong knowledge of Windows, Linux, and network security logs.
Experience in malware analysis, phishing investigation, and threat hunting.
Understanding of the MITRE ATT&CK framework, intrusion detection/prevention systems (IDS/IPS), and firewalls.
Familiarity with EDR/XDR solutions (CrowdStrike, SentinelOne, Carbon Black, etc.).

Shift: Rotational 24x7 SOC environment

Roles and Responsibilities

1. Act as an escalation point for SOC L1 analysts by validating, triaging, and investigating security alerts.
2. Ensure security incidents are handled within SLA.
3. Perform deep-dive analysis on security events to identify malicious activity, potential threats, and false positives.
4. Investigate incidents involving malware, phishing, account compromise, lateral movement, and insider threats.
5. Respond to and manage security incidents in accordance with the incident response playbooks.
6. Perform root cause analysis and provide actionable recommendations to mitigate risks.
7. Collaborate with threat intelligence teams to enrich alerts and improve detection rules/use cases.
8. Assist in developing, tuning, and maintaining SIEM rules, dashboards, and correlation logic.
9. Document incidents, findings, and remediation steps in detailed incident reports.
10. Mentor and guide L1 analysts, providing knowledge transfer and training.
11. Work with IT and business stakeholders during incident containment, eradication, and recovery phases.
12. Ensure log sources are integrated.
13. Update IoCs/IoAs in the NGSOC solution that are received manually from threat feeds, external advisories, or partners.
14. Access management: user creation, deletion, modification, and assignment of privilege level.
15. Work with the SOC team, threat hunters, and IFTAS' teams to lead the in-depth analysis of Critical/High security incidents.
16. Investigate and work on endpoint alerts reported by the EDR and AV team.
17. Create SOP documents for SOC operations.
18. Review the SOC operations reports shared by the SOC team.
19. Review the playbooks created by the SOC team.
20. Create and publish weekly and bi-weekly reports.

Company: Indian Financial Technology And Alliedservices

Industry: Financial Technology


Location: Mumbai, Mumbai Suburban, Mumbai (All Areas)