Job Description : SOC Analyst (L2 / L3) – 7+ Years Experience
Location : Mumbai
Experience : 7+ Years
Mode : Full Time
Note : Only Immediate Joiner
Role Overview
We are seeking an experienced SOC Analyst (L2 / L3) to support advanced security monitoring, threat detection, investigation, and incident response within a 24 / 7 Security Operations Center. The ideal candidate will have deep technical expertise in SIEM, threat hunting, SOC processes, and security incident lifecycle management.
Key Responsibilities
Security Monitoring & Analysis
Perform continuous security monitoring using SIEM tools (Splunk / QRadar / ArcSight / LogRhythm).
Analyze alerts, logs, network traffic, and endpoint telemetry.
Identify false positives and fine-tune detection rules / correlation alerts.
Utilize threat intelligence feeds to enrich events and improve detection.
Incident Detection & Response
Lead and drive end-to-end Incident Response (IR) activities.
Perform deep-dive investigations of security incidents, malware, network attacks, and suspicious activities.
Execute containment, eradication, and recovery procedures.
Document incidents and generate detailed incident reports & RCA.
Threat Hunting
Conduct proactive threat hunting using SIEM, EDR, Threat Intel, and behavioral analytics.
Detect anomalies, unknown threats, and lateral movement patterns.
Build new detection rules and playbooks from hunt outcomes.
Endpoint & Network Security
Analyze endpoint alerts using EDR tools (CrowdStrike, Carbon Black, SentinelOne, Defender for Endpoint).
Investigate network-based attacks: DDoS, brute-force, privilege escalation, insider threats, malware, ransomware.
Vulnerability & Risk Management
Coordinate with security teams for vulnerability prioritization and remediation.
Support risk assessments and recommend mitigation strategies.
Automation & Playbooks
Improve SOC efficiency using SOAR tools (Cortex XSOAR, Splunk SOAR, IBM Resilient).
Create and update incident response runbooks and automated workflows.
Collaboration & Reporting
Work closely with IT, Cloud, Infra, and App teams for resolution.
Prepare weekly / monthly security reports, dashboards, and executive summaries.
Provide knowledge transfer and mentor junior analysts.
Required Skills & Qualifications
7+ years' experience in SOC operations (L2 / L3 role preferred).
Hands-on experience with SIEM (Splunk / QRadar / ArcSight / ELK).
Strong expertise in EDR, SOAR, and Threat Intelligence.
Deep understanding of MITRE ATT&CK, NIST, ISO 27001, and security frameworks.
Advanced knowledge of TCP / IP, firewalls, IDS / IPS, proxies, DNS, VPN, and network security concepts.
Experience in Incident Response, Malware Analysis, Threat Hunting, and Log Analysis.
Ability to write detection rules, correlation searches, and signatures.
Strong analytical, documentation, and communication skills.
Preferred Certifications
CEH / CHFI
CompTIA Security+ / CySA+
Splunk Power User / Admin
GCIA / GCIH / GMON
Azure / AWS Security
Shift
Should be flexible for 24 / 7 rotational shifts.
Senior Security Analyst • Navi Mumbai, Maharashtra, India