Role overview
The analyst will be on the front line of the Security Operations Center, monitoring, investigating and escalating security events generated in Microsoft Sentinel and the Microsoft Defender products. The role involves separating false positives from real threats, raising alerts, documenting findings and handing over enriched incidents to L2/L3 and incident response teams.
Responsibilities
- Real-time monitoring of alerts and incidents in Microsoft Sentinel.
- Draft and refine Kusto Query Language (KQL) queries to identify threats, reduce noise and support investigations.
- Check file-hash and IP reputation, and establish user and asset context (including asset criticality), using internal and external threat intelligence sources.
- Escalate to L2 or Incident Response teams according to the escalation matrix or defined playbooks.
- Create and maintain clear alert tickets.
- Participate in daily shift handoffs, clearly communicating status and pending actions.
- Follow documented playbooks.
- Recommend tuning adjustments to improve detection quality.
- Contribute to continuous improvement by sharing lessons learned.
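The KQL drafting and noise-reduction responsibility above, illustrated with an added example written for this page (it is not taken from the posting or from any employer's playbook). It assumes the standard Microsoft Sentinel SigninLogs table, where ResultType "0" denotes a successful sign-in; the application exclusion list is a hypothetical tuning list, not a real one:

```kql
// Added example (not from the posting). Assumes the standard SigninLogs table.
// Pattern: many failed sign-ins for one account from several IPs, followed by a success
// (MITRE ATT&CK T1110, Brute Force). Tuning is done by excluding noisy first-party apps
// rather than by raising thresholds, so the attack pattern itself is not suppressed.
let lookback = 1h;
// Hypothetical tuning list: applications known to generate benign failure storms.
let noisy_apps = dynamic(["Microsoft Intune", "Office 365 Exchange Online"]);
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                 // anything other than "0" is a failure
    | where AppDisplayName !in (noisy_apps)   // noise reduction
    | summarize Failures = count(),
                DistinctIPs = dcount(IPAddress),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
      by UserPrincipalName
    | where Failures >= 20 and DistinctIPs >= 3;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated, SuccessIP = IPAddress;
failures
| join kind=inner successes on UserPrincipalName
| where SuccessTime > LastSeen                // success must come after the failure burst
| project UserPrincipalName, Failures, DistinctIPs, FirstSeen, LastSeen, SuccessTime, SuccessIP
| order by Failures desc
```

The first stage finds the accounts with a failure burst from several IPs, the join attaches a later success, and the projection keeps exactly the fields an L1 analyst needs to enrich the ticket (account, timing, source IP) before escalation.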
Technical Skills
- Networking basics: TCP/UDP ports, HTTP/HTTPS, DNS, VPN, etc.
- Windows and Linux log fundamentals: familiarity with common Event IDs, syslog severities, and authentication and process events.
- Hands-on experience with Microsoft Sentinel: portal navigation, incident queue handling and analytics rule management.
- Ability to read, write and modify KQL queries for log search and alert tuning.
- Understanding of Azure AD (Microsoft Entra ID) and Microsoft 365 sign-in logs, Conditional Access and Defender alerts.
- Familiarity with MITRE ATT&CK to map and interpret alerts.
- Experience using VirusTotal, Microsoft Threat Intelligence, WHOIS and similar sources for quick investigation.
- Ticketing and disciplined issue tracking.
Required Soft Skills
- An analytical mindset, able to understand and document alerts.
- Ability to write clearly and maintain structured incident notes and escalation records.
- Effective verbal communication.
- Ability to manage time across multiple alerts while meeting SLAs on urgent cases.
- Share findings, review queries and participate in shift stand-ups.
- Maintain shift discipline and perform reliably on overnight rotations.
- Follow runbooks and document actions to maintain an audit trail.
- Stay current with new Sentinel features and integrations, and with emerging threats.
Good to have
- Certifications: SC-200, SC-900, AZ-900, CompTIA Security+.
- Exposure to Microsoft Defender for Endpoint or Defender for Identity.
- Experience with phishing or malware analysis labs, war games or CTFs.
- Knowledge of SOAR concepts.
Job Type: Full-time
Pay: ₹400,000.00 - ₹500,000.00 per year
Benefits:
- Health insurance
- Paid sick time
- Paid time off
- Provident Fund
- Work from home
Application Question(s):
- How many years of experience do you have in a SOC / Security Operations role?
- Do you have hands-on experience with Microsoft Sentinel (SIEM)?
- Do you have experience working with KQL (Kusto Query Language) for alert investigation or tuning?
- Do you have experience analyzing security alerts and identifying false positives vs real threats?
- Are you currently based in or willing to relocate to Bangalore?
- What is your current CTC?
- What is your expected CTC ?
- What is your notice period?
Work Location: In person