Senior Security Analyst

About ColorTokens ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats. Our flagship product, Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay "breach ready."

With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens' cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations. Providing pervasive protection, their platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.

The company's recognition as a Strong Performer in the Forrester New Wave™ : Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Our culture :

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world’s impactful organizations - be it a children’s hospital, or a city, or the defense department of an entire country.

Job Description :

ColorTokens is seeking a highly experienced and proactive Senior Security Analyst (L3) to lead complex threat investigations and incident response within our Managed Security Operations Center (SOC). This role is critical in identifying advanced threats, guiding security operations, developing detection strategies, and mentoring Tier 1 and Tier 2 analysts. The ideal candidate possesses deep technical expertise in cybersecurity, excellent analytical skills, and a strong understanding of modern attack techniques across IT and OT environments.

Job Title : Senior Security Analyst - L2

Location : Bangalore (on site) / Hyderabad

Experience Level : 6 to 10 years

Shift : 24 / 7 Monitoring Shift

Key Responsibilities :

Lead investigation and response for high-severity security incidents across customer environments

Perform deep-dive forensics on endpoints, network traffic, logs, and cloud environments

Correlate and enrich data from multiple sources (EDR, SIEM, NDR, threat intel, OT sensors)

Serve as an escalation point for complex alerts and incidents from L1 / L2 teams

Conduct proactive threat hunting based on TTPs (MITRE ATT&CK) and IOC analysis

Develop detection use cases, custom SIEM rules, and SOAR automation workflows

Participate in red / blue / purple team exercises and incident simulations

Guide playbook development and tuning of triage / response workflows

Deliver incident briefings and root cause analysis (RCA) reports to internal and external stakeholders

Collaborate with threat intelligence, engineering, and customer success teams

Mentor junior analysts and contribute to team knowledge-sharing initiatives

Required Skills & Experience :

6-10 years of experience in a SOC, threat detection, incident response, or cyber forensics role

Strong knowledge of threat actor tactics, techniques, and procedures (TTPs)

Proficient in interpreting logs across various platforms : SIEMs, EDRs, firewalls, cloud environments

Hands-on experience with tools such as :

SIEM : Splunk, Sentinel, QRadar

EDR / XDR : CrowdStrike, Defender for Endpoint, SentinelOne

NDR : Vectra, Darktrace, ExtraHop

SOAR : XSOAR, Splunk SOAR, Tines

Experience with scripting and automation (Python, KQL, Bash, PowerShell)

In-depth knowledge of Windows, Linux, and network protocols

Exposure to cloud security (Azure, AWS) and hybrid infrastructures

Familiarity with OT / ICS environments (Nozomi, Claroty, etc.) is a strong plus

Qualifications :

Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience

One or more advanced certifications preferred :

GIAC (GCIA, GCIH, GCFA, GNFA

OSCP / OSE

PSC-200 / AZ-500 / CISS

PGICSP (for OT / ICS experience

Preferred Skills :

Strong problem-solving skills under pressure

Excellent written and verbal communication (for RCA reports, executive briefings

Ability to lead customer-facing incident response calls and postmortem

Passion for staying current with threat landscape and evolving technologies

Team player with mentoring mindset

Why Join Us :

Work on a cutting-edge cybersecurity product in a fast-paced startup environment

Collaborate with a world-class team of engineers and security experts

Opportunity to learn, grow, and make a real impact from day one