Chennai, Tamil Nadu
Job Summary
Job Summary : The SOC Operations Analyst L2 is responsible for monitoring and analyzing security alerts using tools like Microsoft Sentinel. The role includes investigating incidents, identifying real threats, and supporting response and remediation activities. The analyst works on alerts escalated from L1, performs log analysis, and helps improve detection by fine-tuning rules. They also support threat hunting, automation, and maintain proper documentation and reports. This role requires good knowledge of SIEM tools, security logs, and common cyber threats, along with close coordination with internal security and IT teams.J ob Description : Threat Monitoring & Analysis\\\\r\\\\n \\\\r\\\\nMonitor security alerts from SIEM tools (Sentinel, ArcSight, Splunk, QRadar)\\\\r\\\\nPerform in-depth analysis of escalated incidents (L1 L2)\\\\r\\\\nValidate true positives and eliminate false positives\\\\r\\\\n \\\\r\\\\n Incident Investigation & Response\\\\r\\\\n \\\\r\\\\nConduct root cause analysis (RCA) for security incidents\\\\r\\\\nPerform log correlation across multiple sources (EDR, Firewall, AD, Cloud logs)\\\\r\\\\nSupport incident containment and remediation actions\\\\r\\\\n \\\\r\\\\n Use Case Tuning & Optimization\\\\r\\\\n \\\\r\\\\nFine-tune SIEM correlation rules and alerts\\\\r\\\\nReduce noise and improve detection accuracy\\\\r\\\\nMap detections to MITRE ATT&CK; framework\\\\r\\\\n \\\\r\\\\n Threat Hunting (Proactive)\\\\r\\\\n \\\\r\\\\nPerform proactive threat hunting using SIEM, EDR, and threat intelligence\\\\r\\\\nIdentify hidden or advanced threats not detected by rules\\\\r\\\\nDevelop hypotheses-based hunting scenarios\\\\r\\\\n \\\\r\\\\n Automation & Playbooks\\\\r\\\\n \\\\r\\\\nSupport SOAR playbook execution (Sentinel Logic Apps, etc.)\\\\r\\\\nAssist in developing automation for repetitive tasks\\\\r\\\\nIntegrate SIEM with ticketing systems (ServiceNow)\\\\r\\\\n \\\\r\\\\n Reporting & Documentation\\\\r\\\\n \\\\r\\\\nDocument incidents, findings, and recommendations\\\\r\\\\nPrepare incident reports, dashboards, and metrics\\\\r\\\\nMaintain SOPs, runbooks, and knowledge base\\\\r\\\\n \\\\r\\\\n Collaboration\\\\r\\\\n \\\\r\\\\nWork closely with L1 analysts, L3 engineers, and IR teams\\\\r\\\\nCoordinate with IT teams for remediation actions\\\\r\\\\nSupport audits and compliance activities
Key Responsibilities
Job Responsibilities : Threat Monitoring & Analysis Monitor security alerts from SIEM tools (Sentinel, ArcSight, Splunk, QRadar) Perform in-depth analysis of escalated incidents (L1 L2) Validate true positives and eliminate false positives Incident Investigation & Response Conduct root cause analysis (RCA) for security incidents Perform log correlation across multiple sources (EDR, Firewall, AD, Cloud logs) Support incident containment and remediation actions Use Case Tuning & Optimization Fine-tune SIEM correlation rules and alerts Reduce noise and improve detection accuracy Map detections to MITRE ATT&CK; framework Threat Hunting (Proactive) Perform proactive threat hunting using SIEM, EDR, and threat intelligence Identify hidden or advanced threats not detected by rules Develop hypotheses-based hunting scenarios Automation & Playbooks Support SOAR playbook execution (Sentinel Logic Apps, etc.) Assist in developing automation for repetitive tasks Integrate SIEM with ticketing systems (ServiceNow) Reporting & Documentation Document incidents, findings, and recommendations Prepare incident reports, dashboards, and metrics Maintain SOPs, runbooks, and knowledge base Collaboration Work closely with L1 analysts, L3 engineers, and IR teams Coordinate with IT teams for remediation actions Support audits and compliance activities
Skill Requirements
Skill Requirement : Technical Skills Required Core Skills Hands-on experience with SIEM tools (Sentinel / ArcSight / Splunk / QRadar) Strong understanding of logs: Windows Event Logs Syslog / Firewall logs Cloud logs (Azure/AWS/GCP) Detection & Security Knowledge MITRE ATT&CK; framework Cyber Kill Chain Threat vectors: phishing, malware, ransomware, insider threats Tools & Technologies EDR tools (Microsoft Defender, CrowdStrike, Carbon Black) Email security tools Vulnerability tools (Qualys, Nessus) Querying & Analysis KQL / SPL / Query languages Log correlation and pattern analysis Systems & Networking Networking basics (TCP/IP, DNS, HTTP, VPN) Windows & Linux fundamentals
Other Requirements
Other Requirement : 3–6 years in SOC / Security Operations Experience handling P2/P3 incidents independently Exposure to incident response and threat hunting Education & Certifications Bachelor’s degree in IT / Cybersecurity Preferred certifications: SC-200 (Microsoft Security Operations) CEH / Security+ GIAC / CySA+ (optional)
#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-
