Location: Mohali, Punjab, India
Work Mode: On-Site Only — No Work-From-Home / No Remote / No Hybrid
Shift: Rotational Shift
Experience: 2–4 years (SOC, Microsoft Security, or Cloud Operations)
Employment Type: Full-Time, Permanent
Reporting To: SOC Shift Lead / SOC Manager
Important — Please Read Before Applying
This is an on-site role at our Mohali (Punjab, India) office only. There is NO Work-From-Home, NO Remote and NO Hybrid option for this position. Candidates seeking remote or hybrid work should not apply. The candidate should be willing to work in day and night shifts, with company-provided Uber pickup and drop.
About the Role
The Cyber Security Operations Engineer — L1 is a core member of our Security Operations Centre (SOC), responsible for deep alert analysis, incident validation, investigation, response coordination, and supporting day-to-day operations across the Microsoft security ecosystem.
The L1 Engineer acts as the bridge between initial triage (L0) and advanced investigation (L2 / L3), ensuring accurate, timely and efficient handling of security alerts and threats in customer environments. The role requires hands-on, daily work in Microsoft Azure Sentinel, Microsoft 365 Security, Azure AD / Entra ID, Intune, Autopilot, and related cloud security tools.
Key Responsibilities
Security Monitoring & Incident Handling
- Perform in-depth analysis of alerts escalated from L0 or auto-generated by security tools.
- Validate incidents, determine severity, and assess business impact.
- Conduct investigations using log correlation, MITRE ATT&CK mapping, IOC / IP / domain analysis, suspicious login review, and device anomaly analysis.
- Create and maintain detailed incident reports with clear narrative and supporting evidence.
- Escalate confirmed incidents to L2 / L3 with full investigative context.
Operational Responsibilities
- Coordinate real-time SOC activities with L0 and L2 teams.
- Conduct root-cause analysis for repeated alert patterns and recommend tuning.
- Improve detection logic by providing structured feedback to SIEM engineers.
- Participate in threat-hunting exercises using KQL and Microsoft telemetry.
- Review audit logs, identity authentication patterns, and device events.
- Ensure complete shift handovers with full incident context.
Required Experience & Skills (Mandatory)
Candidates must have 1–2 years of hands-on experience across the following Microsoft security stack:
Microsoft SIEM & Security Tools
- Microsoft Azure Sentinel — strong, demonstrable hands-on experience.
- Log Analytics and KQL query writing.
- Sentinel incident creation, playbook execution, and automation rules.
Microsoft 365 Security
- Microsoft Defender XDR.
- Defender for Endpoint, Defender for Identity, Defender for Office 365.
- Compliance and DLP policies; Identity Protection alerts.
Azure Cloud Security
- Azure AD / Entra ID identity governance.
- Conditional Access policies; MFA, SSPR, identity lifecycle monitoring.
- Privileged Identity Management (PIM); Azure workload identity checks.
Device & Endpoint Management
- Intune MDM / MAM; device onboarding, policy review, app deployment.
- Autopilot provisioning and troubleshooting.
- Device compliance monitoring; patch-management awareness.
O365 Platform Understanding
- Exchange Online, SharePoint Online, Teams security governance.
- User mailbox and audit log investigation.
General
- Strong understanding of Windows, Linux, networking fundamentals, and cyber operations.
- Strong written and verbal English communication.
- Critical thinking, situational awareness, and ability to work under pressure.
Good to Have (Preferred, Not Mandatory)
- AI-driven SOC operations experience — hands-on with AI / ML-augmented SIEM, automated threat detection, AI-assisted analyst workflows, or LLM-based investigation tooling. This is a strong differentiator.
- Microsoft Security Copilot or Sentinel UEBA exposure.
- SOAR platforms and playbook automation experience.
- Cloud forensics and incident response in Azure environments.
- Threat-intelligence platforms (MISP, Anomali, Recorded Future).
Qualifications & Certifications
- Bachelor’s degree — B.Tech / BCA / MCA (or equivalent).
- Microsoft certifications preferred — SC-900 / SC-200 / AZ-900 / AZ-104 / MD-102 / MS-500.
- Valid Indian Passport (mandatory) — required for security clearance and any future on-site or client-deployment opportunity.
- Must be comfortable working night shifts aligned to Eastern Standard Time (EST).
Why Join Us — Benefits & Perks
- Health Insurance — comprehensive medical cover for employee + family.
- Transport — door-to-door Uber pickup and drop for every night shift, fully paid by the company.
- Festive Bonuses — performance-linked incentives plus seasonal festive bonuses.
- Fast-Track Career Growth — clear progression path to L2 Engineer, Threat Hunter, SOC Shift Lead, or Cloud Security Engineer.
- Skill Development — regular SOC skill-development sessions, internal training, and structured upskilling.
- Certification Support — sponsorship and study support for Microsoft and offensive-security certifications.
- Collaborative Team Culture — small, technically strong team; flat communication; no corporate bureaucracy.
Cetark is an equal-opportunity employer.