Department: Cybersecurity Operations Center (CSOC) Employment Type: Full-Time, Bangalore-based (remote/hybrid options negotiable post onboarding)
Shift: India Night Shift (US Eastern Time) for first 90 days, then Early Morning IST
Job Summary:
SOC Analyst II is an intermediate-level cybersecurity role responsible for advanced threat detection, investigation, and response activities. This position requires demonstrated expertise in SIEM operations, threat hunting, and detection engineering. The analyst will handle complex security incidents, develop detection content, and provide technical guidance to junior team members. This role is ideal for professionals from NOC, support, or IT backgrounds seeking to advance their cybersecurity careers.
Key Responsibilities:
- Conduct advanced investigation and analysis of security alerts across Microsoft Sentinel, Sophos MDR, and the Microsoft Defender suite
- Develop and tune detection rules, correlation searches, and alert logic to reduce false positives and improve threat coverage
- Perform proactive threat hunting using SIEM data, endpoint telemetry, and threat intelligence
- Lead incident response activities for moderate to high severity security events
- Document investigation findings, root cause analysis, and remediation recommendations in ITSM platforms
- Collaborate with IT, Infrastructure, and Engineering teams on security findings and remediation efforts
- Mentor SOC Analyst I team members and support knowledge transfer
- Analyze phishing campaigns, malware artifacts, and suspicious activity patterns
- Support vulnerability management workflows using Tenable and coordinate remediation tracking
- Contribute to SOC playbook development and process improvements
- Participate in security tool evaluations and optimization initiatives
Required Qualifications:
- 5+ years of hands-on experience in SOC, incident response, security operations, NOC, IT support, or related technical roles
- Strong working knowledge of Microsoft Sentinel, EDR platforms (Sophos, Defender for Endpoint), and SIEM technologies
- Demonstrated experience with detection engineering and the KQL or SPL query languages
- Solid understanding of common attack vectors, TTPs, and the MITRE ATT&CK framework
- Experience with ITSM platforms (ServiceNow, FreshService) for incident documentation
- Strong analytical, troubleshooting, and communication skills
- Ability to work independently and handle multiple priorities under pressure
Preferred Skills & Certifications:
- Microsoft SC-200 (Security Operations Analyst), CompTIA CySA+, or GIAC GCIH
- Experience with cloud security monitoring (Azure, AWS, O365)
- Familiarity with threat intelligence platforms and threat hunting methodologies
- Scripting or automation skills (PowerShell, Python) for security workflows
- Knowledge of compliance frameworks (PCI DSS, ISO 27001, SOC 2)
- Experience with vulnerability management and remediation coordination
Shift Schedule:
- Flexible coverage based on operational needs (Early Morning IST preferred or US Eastern Time alignment)
- Participation in on-call rotation as needed