L2 / L2.5 Security Operations Center (SOC) Analyst

TOCUMULUS • Chennai, Tamil Nadu, India
4 hours ago
Job description

Position Overview

We are seeking a skilled and detail-oriented L2 / L2.5 Security Operations Center (SOC) Analyst to join our Security Operations team. This role sits at the critical intersection of threat detection, incident investigation, and escalation management. The successful candidate will be responsible for identifying, investigating, and responding to security threats while mentoring L1 analysts and collaborating with senior security teams.

Position Type : Full-time

Location : (On-site / Hybrid / Remote)

Experience Level : 8 years in cybersecurity / SOC operations.

Key Responsibilities

Tier 2 Incident Analysis & Investigation (45%)

Alert Triage & Investigation :

  • Analyze and investigate alerts / incidents escalated from L1 analysts
  • Determine incident severity, scope, and impact on business operations
  • Conduct root cause analysis for security events and anomalies
  • Perform deep-dive forensic analysis on suspicious activities
  • Create detailed incident investigation reports with findings and recommendations

Threat Assessment :

  • Classify and categorize threats (malware, ransomware, APT, credential theft, data exfiltration, etc.)
  • Evaluate threat credibility and validate true positives vs. false positives
  • Assess threat actor capabilities, tactics, techniques, and procedures (TTPs)
  • Determine data exposure and potential impact on organization

Incident Containment & Response :

  • Execute immediate containment measures to prevent threat propagation
  • Isolate affected systems from network when necessary
  • Coordinate with IT Operations for system remediation and recovery
  • Recommend and implement mitigation strategies
  • Participate in incident response playbook execution

SIEM & Security Tool Management (25%)

SIEM Platform Operations :

  • Monitor and manage SIEM (Security Information and Event Management) platform
  • Create, modify, and optimize detection rules and correlation searches
  • Develop custom dashboards and reports for security monitoring
  • Tune alert thresholds to reduce false positives while maintaining detection sensitivity
  • Maintain SIEM data integrity and log ingestion from all security sources

Security Tool Administration :

  • Manage and maintain EDR (Endpoint Detection & Response) solutions
  • Monitor firewall logs, IDS / IPS alerts, and network anomalies
  • Review and escalate VPN access anomalies and unusual traffic patterns
  • Manage DLP (Data Loss Prevention) incidents and policy violations
  • Monitor and respond to vulnerability scanner findings and exploit attempts

Log Analysis & Threat Hunting :

  • Perform manual log analysis to identify suspicious patterns and anomalies
  • Conduct proactive threat hunting campaigns based on threat intelligence
  • Search for indicators of compromise (IOCs) across infrastructure
  • Analyze logs from Windows / Linux systems, applications, and network devices
  • Create hunt packages and queries for recurring threat patterns

Escalation & Ticket Management (15%)

Alert Routing & Escalation :

  • Escalate incidents to L3 analysts and specialized teams (incident response, forensics, threat intelligence)
  • Determine appropriate escalation path based on incident severity and type
  • Provide clear handoff documentation to specialized teams
  • Monitor ticket status through resolution
  • Perform quality assurance on closed tickets

Ticket Management :

  • Document all investigations in ticketing system with comprehensive notes
  • Maintain incident timeline and evidence chain of custody
  • Update incident status and metrics tracking
  • Meet SLA requirements for investigation and escalation (typically 4-8 hours for critical incidents)
  • Generate metrics reports for team and management review

L1 Analyst Support & Mentoring (10%)

Knowledge Transfer :

  • Mentor L1 analysts on investigation techniques and procedures
  • Review L1 investigations and provide feedback for improvement
  • Create runbooks and playbooks for common incident types
  • Conduct training sessions on new threats, tools, and procedures
  • Share threat intelligence and best practices with SOC team

Quality Assurance :

  • Review L1 alert dispositions and investigation quality
  • Identify gaps in L1 knowledge and provide targeted training
  • Validate that proper procedures are followed
  • Suggest process improvements based on L1 experiences

Technical Competencies

Required Skills (Must Have)

Security Operations :

  • 3-5 years experience in SOC, threat detection, or incident response
  • Proficiency with SIEM platforms (Splunk, ArcSight, QRadar, or similar)
  • Hands-on experience with EDR solutions (CrowdStrike, Microsoft Defender, SentinelOne)
  • Strong understanding of security frameworks (MITRE ATT&CK, NIST Cybersecurity Framework)
  • Knowledge of incident response processes and procedures
  • Experience with security monitoring tools and techniques

Technical Knowledge :

  • Strong understanding of networking (TCP / IP, DNS, HTTP / HTTPS, VPN, firewalls)
  • Windows and Linux system administration fundamentals
  • Knowledge of common attack vectors and threat landscape
  • Ability to read and interpret logs (Windows Event Logs, Syslog, firewall logs, web logs)
  • Understanding of malware analysis concepts (static vs. dynamic analysis)
  • Basic scripting knowledge (Python, Bash, or PowerShell) for automation tasks

Analytical Skills :

  • Excellent analytical and problem-solving abilities
  • Strong attention to detail and accuracy
  • Ability to work through complex investigations methodically
  • Data-driven decision making
  • Pattern recognition and anomaly detection capabilities

Communication & Documentation :

  • Excellent written communication for incident reports and escalations
  • Ability to clearly explain technical findings to non-technical stakeholders
  • Strong documentation and note-taking practices
  • Clear verbal communication with team members and other departments

Desired Skills (Nice to Have)

  • Threat Intelligence : Experience consuming and applying threat intelligence
  • Advanced Forensics : Digital forensics or malware analysis experience
  • Automation : Experience with Python, Ansible, or similar for playbook automation
  • Cloud Security : Experience with AWS, Azure, or GCP security monitoring
  • Certifications : GIAC Security Essentials (GSEC), CEH, Security+, CISSP, or similar
  • Incident Response : Prior incident response team experience
  • Vulnerability Management : Experience with vulnerability assessment and remediation
  • Compliance : Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOC 2, ISO 27001)