· Continuously monitor SIEM dashboards and alert queues for security events across on-premises, hybrid, and cloud environments.
· Perform real-time alert triage and categorize events based on severity, confidence, and business impact.
· Identify false positives and alert misfires and communicate rule tuning recommendations to SOC L2.
· Analyze correlated alerts involving multiple log sources (firewall, EDR, proxy, AD, security appliances).
· Perform first-level investigation on alerts involving suspicious IPs, malicious URLs/domains, brute-force attempts, unusual process executions, data transfers, or policy violations.
· Extract and compile relevant evidence such as event logs, Sysmon artifacts, endpoint activity, and network traces.
· Conduct IOC enrichment using Virus-Total, ANY.RUN, Hybrid Analysis, Abuse-IPDB, WHOIS, and OSINT platforms.
· Validate whether activity maps to known attacker TTPs using the MITRE ATT&CK Matrix.
· Report observed attack patterns, indicators, and behavioural anomalies with proper justification.
· Perform containment actions approved for L1 level—account disablement, isolation requests, password resets, URL blocking, IP blocking, or alert suppression.
· Follow Incident Response playbooks and escalate incidents to SOC L2/IR team within SLA.
· Document every step taken during triage, analysis, containment, and escalation.
· Assist the L2 team during incident coordination, evidence preparation, and timeline reconstruction.
· Analyze logs from Windows, Linux, Azure AD, O365, VPN, network appliances, endpoint tools, and cloud platforms.
· Report log source connectivity failures or ingestion delays to L2 or the Engineering team.
· Maintain all SOC shift sheets, daily log books, alert trackers, and incident registers with 100% accuracy.
· Ensure clear, structured shift handovers with detailed updates on pending alerts, incidents, and ongoing investigations.
· Prepare daily alert summary reports and client-wise incident reports.
· Communicate incident status, evidence requirements, and action updates to clients professionally via email or Teams calls.
· When needed, explain PPT slides, case findings, or security observations to clients during internal or external meetings.
· Ensure all communication is accurate, timely, and aligned with SOC protocols.
· Train assigned SOC Interns on alert triage, documentation best practices, log analysis basics, and SIEM navigation.
· Provide feedback on intern performance and ensure they meet SOC minimum standards.
· Provide structured training to all assigned SOC interns and ensure they perform their daily activities correctly. Regularly review their work, monitor their progress, and guide them on best practices, analysis methods, and process adherence.
· Maintain structured documentation for alerts, incidents, evidence logs, SOP updates, and client-specific guidelines.
· Ensure adherence to security policies, SOC SOPs, incident playbooks, and confidentiality norms.
· Contribute verified IOCs to internal threat repositories and share relevant threat intelligence with the team.
· Participate in SOC laboratory exercises, simulations, and red-team vs blue-team drills.
· Continuously improve knowledge on attacker TTPs, log analysis, SIEM rules, and new security tools.
· Explore SIEM enhancements, detection gaps, or additional monitoring opportunities and propose improvements.
· Maintain strict confidentiality of all client data, credentials, and SOC activities.
· Adhere to shift discipline, timely attendance, and operational timelines.
· Escalate issues promptly and avoid any delay in critical incident handling.
Demonstrate professionalism in all internal and client-facing interactions
Pay: ₹15,000.00 - ₹25,000.00 per month
Work Location: In person