0 years

6 - 10 Lacs

Posted: 1 day ago | Platform: GlassDoor


Work Mode: On-site

Job Type: Full Time

Job Description

Hello,

Greetings from Dev Information Technology Ltd !

Company Details:

We are trusted as one of the leading IT-enabled services providers, with a remarkable track record of consistently delivering workable and robust solutions. This is possible because we adopt continual innovation, remain committed to quality, implement and refine processes, and leverage our technological prowess. With the best software and hardware environments, coupled with state-of-the-art communication facilities, our offices are fully equipped to work as virtual extensions of clients' environments, providing 24×7 services.

Founded in 1997 in Ahmedabad, India – one of the fastest-growing metros of India

  • Branch offices in India, USA and Canada
  • Multi-million US$ turnover with CAGR of 20%
  • 1000+ certified and skilled professionals serving more than 300 clients globally
  • Offering end-to-end solutions to meet IT and ICT needs of clients

Website : https://www.devitpl.com/

Designation : Sr. SOC Analyst

Experience : 4+ Years

Work Location : Ahmedabad

Job type: Full-Time

Perks & Benefits:

  • Health Insurance
  • Employee rewards and recognition
  • Flexible working hours
  • Gratuity
  • Professional Development
  • Comprehensive Leave Benefit

Job Description:

As a SOC L2 Analyst, you are responsible for monitoring, detecting, and responding to security incidents. You will work closely with other SOC teams and support team members to ensure the security of the organization's IT infrastructure.

Monitoring and Incident Triage:

  • Continuously monitor alerts from security tools such as Microsoft Sentinel and Cortex XDR in the Oracle RightNow ticket portal.
  • Investigate and analyze the source of alerts and potential incidents (e.g., analyzing source IPs, timestamps, network traffic, etc.).
  • Validate whether alerts generated by tools like Cortex XDR or Microsoft Sentinel require further investigation or if they can be safely closed.
  • Evaluate potential false positives by checking various threat intelligence sources such as VirusTotal and AbuseIPDB for any indications of malicious activity.

Threat Hunting and Analysis:

  • Conduct proactive searches for potential threats within the environment based on known indicators of compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
  • Review historical logs, security events, and other telemetry data from different tools (e.g., Cortex XDR, Palo Alto Panorama) to identify unusual patterns or malicious activities.
  • Check alerts against known false positives, especially for alerts related to tools like Cortex XDR and Microsoft Sentinel.
  • For repeated alerts, suggest white-listing those alerts to the Support or SecEng team based on past historical data.

Threat Response:

  • Respond to detected incidents by following the predefined Standard Operating Procedures (SOPs).
  • For incidents that require further action, escalate to higher-level SOC analysts (SOC L3) for deeper analysis or containment.
  • When alerts require whitelisting or other configuration adjustments, escalate incidents to SOC L3 teams for further action.
  • Escalate unresolved alerts to the CSM (Customer Success Manager) when a customer has not responded to alerts over an extended period.
  • Open manual tickets in the Oracle RightNow ticket portal if Sentinel automation fails to generate the required incident tickets.
  • Ensure all relevant incident data, including the nature of the alert, any investigation steps, and actions taken, is logged accurately for tracking purposes.

Coordination and Communication:

  • Coordinate with the Security Engineering (SecEng) team or other teams if misconfiguration alerts are detected or if a new configuration task is required to address potential vulnerabilities.
  • If a customer has not responded to alerts or incidents, reach out to the CSM (Customer Success Manager) for further engagement and communication with the customer.
  • Suggest and share any relevant findings or insights with the SOC team to enhance investigations and improve incident response.

Configuration Management and Automation:

  • Report any issues with automated systems or configurations that may impact alert accuracy or effectiveness.
  • If automation (e.g., Sentinel automation) fails to generate tickets or does not trigger appropriate actions, escalate the issue to the team responsible for fixing the automation pipeline.
  • Work with the L3 or SecEng team to white-list alerts from Cortex XDR and Microsoft Sentinel.

Documentation and SOP Adherence:

  • Ensure that all activities are in line with SOC Standard Operating Procedures (SOPs), and follow established processes for escalation, investigation, and resolution.

Tools and Technologies

Security Monitoring Tools:

  • Microsoft Sentinel
  • Cortex XDR
  • Palo Alto Panorama
  • Grafana (for dashboarding and visualizing security data)

Best Regards,
Shruti Mistry | Talent Acquisition Executive
HR (TALENT ACQUISITION)

Job Types: Full-time, Permanent

Pay: ₹50,000.00 - ₹90,000.00 per month

Benefits:

  • Food provided
  • Health insurance

Schedule:

  • Night shift
  • Rotational shift
  • Weekend only

Work Location: In person
