· Monitor and investigate escalated alerts from SOC L1 using SIEM, EDR, SOAR, UEBA, and TI tools.
· Validate alerts, identify TP/FP, assess severity, impact, and attacker intent.
· Perform cross-log correlation (endpoint, network, identity, cloud, application).
· Analyze suspicious activity such as lateral movement, privilege escalation, abnormal login behavior, and malware execution.
· Perform static and dynamic analysis of suspicious files, URLs, and scripts.
· Identify malicious behaviour, persistence techniques, and C2 communication.
· Extract IOCs (hashes, domains, IPs, registry changes).
· Use sandbox tools for behaviour observation (ANY.RUN, Hybrid Analysis).
· Analyze Windows artifacts using Sysinternals tools (ProcMon, Autoruns).
· Capture PCAPs and analyze network behavior using Wireshark
· Execute containment actions (isolate endpoint, block IP/URL, disable user account).
· Collect forensic artifacts: memory dump, logs, event trails, malware samples.
· Build incident timelines and prepare evidence documentation.
· Develop new SIEM correlation rules and improve existing detections.
· Tune alerts to reduce false positives and remove noise.
· Map detections to MITRE ATT&CK techniques.
· Onboard new log sources (firewalls, AD, servers, cloud, applications, etc).
· Validate parsing, normalization, and event categorization.
· Troubleshoot ingestion issues, agent failures, and parsing errors.
· Manage and validate SOAR playbooks for automated response.
· Identify opportunities for automation to reduce manual triage overhead.
· Act as technical escalation point for clients.
· Provide daily/weekly/monthly incident reports and dashboards.
· Explain RCA, detection patterns, and mitigation recommendations.
· Attend client calls for incident reviews and posture updates.
· Maintain updated SOPs, playbooks, use-case catalogs, and workflows.
· Document investigation steps, IOCs, evidence, and closure notes.
· Ensure SIEM, EDR, SOAR, and TI platforms function smoothly.
· Monitor agent health, connectors, API integrations, and log flow.
· Support patching, upgrades, and configuration maintenance.
· Train L1 analysts on SIEM alert triage and investigation basics.
· Teach use of EDR tools, log analysis, event correlation, and IOC lookup.
· Provide step-by-step guidance on common alerts (malware, brute force, phishing).
· Explain SOPs, escalation matrix, and incident documentation standards.
· Conduct periodic refresher training and skill improvement sessions.
· Review L1 work quality and provide feedback for improvement.
· Build training materials (cheat sheets, quick guides, sample cases).
· Support mock drills and table top exercises for skill development.
Pay: ₹35,000.00 - ₹40,000.00 per month
Work Location: In person