Specialist I, Cyber Defense Operation Centre (TCF)

Job Title:

Specialist I, Cyber Defense Operation Centre (TCF)

Job Description

We are looking for an experienced and proactive SOC Analyst - Level 2 (L2) to join our Managed Security Services Provider (MSSP) team. In this role, you will handle advanced security investigations, lead incident response for escalated cases, fine-tune detection capabilities, and mentor L1 analysts. You will be expected to have strong technical expertise across security platforms, incident handling processes, and threat analysis to ensure timely and accurate response to security incidents in a 24x7 environment.

Key Responsibilities

• Investigate and respond to escalated security incidents from L1 analysts, ensuring timely containment, eradication, and recovery.

• Perform in-depth log and packet analysis to identify root causes and attack vectors.

• Correlate alerts across multiple data sources (SIEM, EDR, IDS/IPS, cloud, threat intel) for context-rich investigations.

• Conduct malware analysis (static/dynamic) and assess potential impact on client systems.

• Create and refine incident response playbooks, use cases, and correlation rules.

• Collaborate with threat intelligence teams to enrich investigations and proactively identify emerging threats.

• Lead the onboarding and configuration validation for new clients and POCs.

• Support tuning of SIEM and EDR rules to reduce false positives and improve detection accuracy.

• Mentor and provide technical guidance to L1 analysts, ensuring knowledge transfer and skill growth.

• Document detailed investigation reports for incidents, ensuring compliance with client and regulatory requirements.

Tools & Technologies

• SIEM: Palo Alto XSIAM/XDR, Splunk, Microsoft Sentinel, QRadar, LogRhythm

• EDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Palo Alto Cortex XDR

• Network Security: IDS/IPS (Snort, Suricata), Next-Gen Firewalls (Palo Alto, Fortinet, Cisco)

• Threat Intelligence: VirusTotal, Anomali ThreatStream, Recorded Future, MISP

• Forensics: FTK, EnCase, Volatility, Autopsy (awareness)

• Case Management: ServiceNow, JIRA, TheHive

• Cloud Security: AWS Security Hub, Azure Security Center, GCP Security Command Center

• Vulnerability Management: Qualys, Tenable Nessus, Rapid7 InsightVM

Required Skills & Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

• Experience: 2-4 years in a SOC, incident response, or security operations role.

• Strong understanding of cyber attack techniques, MITRE ATT&CK framework, and incident handling methodologies.

• Proficiency in log analysis, endpoint forensics, and network traffic analysis.

• Experience with SIEM and EDR tool configuration, alert tuning, and custom rule creation.

• Working knowledge of scripting languages (Python, PowerShell, Bash) for automation and analysis is a plus.

• Preferred Certifications: GCIA, GCIH, CEH, CompTIA CySA+, Microsoft SC-200, or equivalent.

Key Attributes for Success

• Strong problem-solving skills and ability to work on complex incidents under pressure.

• Excellent written and verbal communication for clear incident reporting and stakeholder updates.

• Collaborative mindset with the ability to mentor junior analysts and contribute to team development.

• Proactive in learning and adapting to evolving threats, tools, and best practices.

Location:

IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D

Language Requirements:

Time Type:

Full time

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the