Location - Chennai / BLR
Environment: Palo Alto SOAR, Splunk, Microsoft MDE and Sentinel
Should be open to work in European shift hours and 24x7 if required.
Role Overview
The SOC Analyst (L1/L2) and Lead are responsible for proactive monitoring, detection, investigation, and response to security threats using industry-leading solutions. The Lead also guides the team, architecting and optimising SOC workflows and systems to ensure robust organisational security.
Key Responsibilities:
Monitoring & Detection Tools
-
Use, configure, and optimize SIEM tools (Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm, ArcSight, Elastic SIEM) for threat identification and alert management.
-
Monitor network, endpoint, and cloud environments for anomalous activity.
Incident Detection & Response
-
Triage and prioritise alerts, investigate suspicious activity, and conduct malware analysis (static and dynamic).
-
Perform root cause analysis (RCA) and drive incident response flows (containment, eradication, recovery).
-
Prepare and maintain documentation for incidents, actions, and outcomes.
Endpoint Security & Investigation
-
Operate Microsoft Defender for Endpoint, conduct threat hunting via EDR telemetry and memory dumps.
-
Investigate endpoint alerts, correlate findings, and escalate complex cases as needed.
Network Security & Vulnerability Management
-
Analyze network traffic and manage perimeter security using firewalls (Palo Alto, Fortinet, Cisco ASA).
-
Administer DLP and email security systems.
-
Conduct vulnerability scans and assessments with tools like Qualys.
Threat Intelligence Integration
-
Ingest and correlate IOCs; map attacker TTPs to active threats.
-
Integrate threat intelligence feeds into SOC workflows for improved detection and response.
Must-Have Skills
-
Strong knowledge of SIEM platforms and alert investigation.
-
Advanced incident response, malware analysis, and RCA expertise.
-
Deep knowledge of endpoint and network security tools.
-
Threat hunting and forensic investigation capabilities.
-
Familiarity with vulnerability management and DLP/email security.
-
Experience with threat intelligence platforms and TTP mapping.
-
Strong analytical, communication, and documentation skills.
-
Leadership and team management (Lead role).
Desired Skills
-
Scripting/automation (Python, PowerShell, Shell).
-
SOAR platform experience.
-
Regulatory compliance awareness (PCI DSS, GDPR, HIPAA, ISO 27001).
-
Continuous improvement and policy development mindset.
Certifications (Preferred)
-
Security+, CySA+,
-
SC-200 . SC-900
-
Certified SOC Analyst (CSA)
-
Vendor SIEM/EDR certifications (Splunk, QRadar, Sentinel, Defender)
Total Experience Expected: 04-06 years