Saviynt is an identity authority platform built to power and protect the world at work. In a world of digital transformation, where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress, Saviynt's Enterprise Identity Cloud gives customers unparalleled visibility, control and intelligence to better defend against threats while empowering users with right-time, right-level access to the digital technologies and tools they need to do their best work.
We are building a next-generation Security Operations Center (SOC) designed for the cloud-first era. We are moving beyond traditional reactive methods to build an intelligent, automated SOC that leverages deep cloud security expertise to stop advanced threats.
We are seeking a motivated and detail-oriented L2 SOC Analyst to be a core member of our 24/7 operations team. This role is for a hands-on analyst who excels at investigating complex alerts, using automation to accelerate response, and is passionate about cloud security. You will be the primary line of in-depth analysis, working to validate, investigate, and contain threats as they are escalated from L1.
Please note: This is a 24/7 operational role. The SOC team works in three rotating shifts (morning, afternoon, and night) to ensure continuous monitoring and response.
WHAT YOU WILL BE DOING
- Incident Triage & Investigation
- Serve as the primary escalation point for alerts triaged by L1 analysts and automated systems.
- Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, Cloud-native tools) to validate threats and determine their scope.
- Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity.
- Perform deep-dive analysis of logs, network packets, and endpoint data to identify indicators of compromise (IOCs).
- Incident Response & Automation
- Execute and tune automated response playbooks using our SOAR platform for common security incidents.
- Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
- Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment.
- Document all investigation steps, findings, and containment actions in our incident management system.
- Threat Hunting & Cloud Monitoring
- Participate in "guided" threat hunting campaigns based on new threat intelligence or hypotheses developed by senior analysts.
- Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail, Cloudflare, Azure, etc.).
- Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts.
- Continuous Improvement & Collaboration
- Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
- Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
- Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.
What You Bring
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
- 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
- Cloud Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP).
- Technical Expertise: Strong, hands-on experience with SIEM (e.g., Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
- Automation Familiarity: Experience using a SOAR platform and familiarity with scripting (Python preferred) for basic automation or analysis tasks.
- Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.
Why Join Us
- Be at the forefront of a modern, cloud-focused Security Operations Center.
- Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies.
- A clear career path for growth into L3, threat hunting, or automation engineering roles.
- Collaborate with world-class security and engineering leaders in a high-impact, operational role.