Cloud Raptor is Hiring for MNP SPARK Bengaluru!
Work Location:
MNP is one of Canada's largest full-service chartered professional-services firms, providing accounting, tax, consulting, risk-advisory, management consulting, and financial advisory services.
- With offices across all provinces and a workforce of thousands, MNP serves clients in the public, private, and not-for-profit sectors across Canada.
- MNP emphasizes a culture of balanced lifestyle, competitive compensation and benefits, merit-based career growth, and values that support diversity, inclusion, community, and work-life balance.
Role & responsibilities
- Serve as the primary technical escalation point for complex security alerts and potential incidents identified by Tier 1 Analysts.
- Conduct thorough, in-depth investigations utilizing advanced Kusto Query Language (KQL) queries, Microsoft Sentinel's Investigation Graph, User and Entity Behavior Analytics (UEBA) insights, and correlation across the Microsoft Defender XDR suite.
- Analyze incident scope, determine potential impact, identify root causes, and map attacker activities to relevant frameworks like MITRE ATT&CK.
- Coordinate and guide incident response activities, collaborating effectively with Tier 1 analysts, Tier 3 experts, and, when necessary, client IT personnel.
- Collaborate with Tier 3 experts and other Digital specialists to develop, test, and refine detection rules (Analytics Rules) within Microsoft Sentinel based on threat intelligence inputs, incident trends, and proactive analysis to improve detection efficacy. This contribution to enhancing the SOC's capabilities provides a clear technical growth path beyond reactive incident handling.
- Contribute to the development, maintenance, and improvement of incident response playbooks, potentially leveraging Security Orchestration, Automation, and Response (SOAR) capabilities within Sentinel (e.g., Azure Logic Apps).
- Team Leadership: Provide ongoing technical guidance, mentorship, and operational support to an assigned team of Tier 1 Security Analysts.
- Scheduling: Actively manage and maintain the rotating shift schedule for the assigned Tier 1 Analyst team, ensuring adequate staffing and skills coverage for 24x7 operations.
- Assist Tier 1 Analysts in resolving technical queries, overcoming investigative hurdles, and adhering to procedures during their shifts.
- Contribute to the performance feedback process for Tier 1 Analysts, supporting their professional development in line with MNP's culture.
- Prepare clear, concise, and accurate incident reports for consumption by clients and internal stakeholders.
- Maintain up-to-date knowledge of emerging cybersecurity threats, vulnerabilities, attacker TTPs, and advancements in Microsoft security technologies.
- Participate in a scheduled, rotational on-call roster to provide senior technical escalation support and critical incident response guidance outside of standard business hours, including evenings, weekends, and holidays.
Preferred candidate profile
- Superior analytical and problem-solving skills, capable of dissecting complex and ambiguous security events.
- Excellent communication (written and verbal) and interpersonal skills, necessary for coordinating incident response, client communication (when required), and mentoring junior staff.
- Strong organizational and time-management skills, critical for managing multiple incidents concurrently and overseeing Tier 1 scheduling.
- Demonstrated leadership potential or aptitude; the ability to effectively guide, mentor, motivate, and support junior analysts is essential.
- Ability to maintain composure and make sound, timely decisions under pressure during security incidents.
- Highly collaborative mindset, fostering positive working relationships within the SOC team, across tiers, and potentially with external stakeholders.
- Meticulous attention to detail in investigations and documentation, including incident reports.
- Proven track record of successfully handling escalated security incidents, from initial investigation through to containment and remediation support.
- Experience in tuning SIEM detection rules (e.g., Sentinel Analytics Rules) and contributing to the development or refinement of incident response playbooks.
- Experience authoring or significantly contributing to detailed security incident reports.
- Experience working within a 24x7 operational model, understanding the dynamics of shift work and handovers.
Technical Skills:
- Advanced proficiency in Microsoft Sentinel: Expertise in writing complex KQL queries for investigation and hunting, creating and tuning Analytics Rules, leveraging advanced features like Investigation Graph, UEBA, and Workbooks.
- Deep understanding and extensive hands-on experience with the Microsoft Defender XDR suite (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps) for advanced investigation and response actions.
- Solid grasp of Security Orchestration, Automation, and Response (SOAR) principles. Practical experience using Azure Logic Apps to build and manage Sentinel Playbooks is a significant asset.
- Proficiency in applying the MITRE ATT&CK framework to analyze and describe attacker behavior.
- Strong foundational knowledge across network security, endpoint security (Windows, Linux, macOS), identity and access management (Microsoft Entra ID), and cloud security concepts (particularly Microsoft Azure).
- Experience analyzing logs from a wide variety of security tools and infrastructure components.
- Basic scripting capabilities for task automation or data analysis are desirable.
Educational Qualifications
Certifications
- Required: Microsoft Certified: Security Operations Analyst Associate (SC-200).
- Desirable: CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or other relevant intermediate/advanced security certifications.
Experience
- 3-5 years of progressive experience within a Security Operations Center (SOC) environment, demonstrating experience beyond basic alert triage, including handling complex incidents and conducting detailed investigations.
Additional Information:
We seek individuals who demonstrate not only strong technical skills but also emerging leadership qualities. The ideal candidate is proactive in identifying areas for process improvement, takes initiative, and possesses a strong desire to mentor and develop others. A commitment to collaboration, excellent problem-solving abilities, and the capacity to manage both technical investigations and team logistics effectively are key. Alignment with MNP's core values of integrity, quality, respect, and client-centricity is essential.