About US
At ServCrust, we’re transforming the way stone aggregates are sourced and delivered for constructionprojects. Our digital platform simplifies procurement, improves efficiency, and ensures consistent qualityhelping construction companies, contractors, and developers access the materials they need quicklyand reliably. We blend innovation and technology to bring transparency and ease to the constructionsupply chain.
Role Overview
We are seeking a skilled and proactive SOC Analyst / Threat Hunter (L2) to join our Security OperationsCenter. This role is responsible for conducting in-depth investigations of security events, engaging inproactive threat hunting, and contributing to incident response activities. The analyst will also support thetuning of detection logic, monitoring tool health, and security operations across both on-premises andAWS cloud environments. The role sits at the core of our operational defense capability.
Key Responsibilities
- Security Operations, Incident Response & Cloud Security
- Triage and investigate alerts from SIEM, EDR, NDR, and CSPM platforms.
- Correlate logs from endpoints, network, and cloud-native services.
- Investigate escalated alerts related to IAM misuse, anomalous API calls, privilege
escalations, exposed storage (e.g., S3 buckets), and suspicious cloud workloads.
- Assist in containment and response of cloud-based incidents: isolate workloads, revoke
keys, suspend IAM users, apply NSG/security group modifications.
- Perform root cause analysis and support recovery actions for both cloud and on-prem
threats.
- Validate security tool status across environments, including CSPM/CIEM tools and ensure
coverage across cloud workloads.
- Participate in post-incident reviews, update cloud-specific playbooks and ensure IR
readiness across hybrid environments.
- Threat Hunting, Detection Engineering & Continuous Improvement
- Conduct proactive threat hunts across cloud and on-prem logs to uncover hidden threats.
- Use cloud telemetry to detect behavioral anomalies or policy violations.
- Leverage threat intel and TTPs to hunt for signs of known actor techniques across the
environment (MITRE ATT&CK for Cloud).
- Work with engineering teams to fine-tune and improve cloud-specific detections (e.g.,
alerting on disabled logging, overly permissive IAM, use of stolen API keys).
- Develop or update detection rules and recommend automation playbooks for cloud
incident response.
- Share hunting findings and detection improvements in weekly SOC knowledge sessions.
- Document use cases, lessons learned, and detection enhancements for broader SOC
adoption.
Weekly / Monthly Contributions
- Participate in IR reviews and quality assurance across hybrid threats.
- Review cloud account posture using CSPM tools and flag unresolved misconfigurations.
- Analyze cloud activity trends and deliver reporting on identity risks, misconfigurations, and
emerging attack patterns.
- Contribute to red team debriefs and cloud simulation test cases, update and maintain
playbooks.
- Support cross-training within SOC for improved cloud security operations maturity.
Required Qualifications
- 2–4 years in a SOC, IR, or security monitoring role.
- Hands-on experience with log analysis and investigation in cloud platforms: AWS
(CloudWatch, CloudTrail, GuardDuty).
- Solid grasp of attacker TTPs in cloud environments: exposed credentials, over-permissioned
roles, container abuse, cloud lateral movement.
- Proficiency with SIEM/EDR platforms and investigation workflows.
- Basic scripting or automation knowledge (Python, PowerShell, Boto3, etc.).
- Familiarity with cloud-native security tools (AWS Config).
- Certifications like CySA+, AWS Security Specialty are desirable.
Soft Skills & Traits
- Investigative mindset with high attention to detail.
- Collaborative team player with strong communication skills.
- Ability to work under pressure in live incidents or fast-paced SOC environments.
- Curiosity-driven attitude toward evolving threats and cloud services.
