Senior Security Analyst

JOB SUMMARY

We are seeking an experienced Security Analyst (Tier 2) to join our Security Operations Center (SOC) team. The successful candidate will serve as a subject matter expert in enterprise security monitoring, responsible for the detection, investigation, and response to cybersecurity incidents and threats across a large-scale, complex enterprise environment.

JOB LOCATION: Chennai

Key Responsibilities:

  • Manage and maintain the SIEM platform — ensuring log ingestion health, data source onboarding, parser validation, and rule accuracy.

  • Lead and coordinate Tier 2 incident response activities — containing, eradicating, and recovering from security incidents in line with the SOC IR playbook and defined SLAs.

  • Document all investigation steps, findings, evidence, and actions taken accurately within the ITSM / ticketing system (e.g. ServiceNow, Jira).

  • Perform root cause analysis (RCA) on significant incidents and contribute lessons learned to post-incident review reports.

  • Develop, tune, and maintain detection rules, correlation rules, and dashboards to improve coverage across the MITRE ATT&CK framework.

  • Identify log source gaps and work with IT and infrastructure teams to onboard missing data sources into the SIEM.

  • Automate repetitive triage tasks through SOAR playbooks (e.g. Cortex XSOAR, Sentinel Logic Apps) to improve analyst efficiency and reduce MTTD/MTTR.

  • Monitor and investigate endpoint telemetry using EDR platforms (e.g. CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne) to detect malicious activity including malware, ransomware, and livingoff-the-land (LotL) attacks.

  • Analyse firewall logs and network traffic data (Palo Alto, FortiGate, Cisco ASA, Check Point) to identify suspicious traffic patterns, policy violations, and network-based threats.

  • Investigate alerts originating from IDS/IPS systems, web proxies, DNS security platforms, and network detection and response (NDR) solutions

  • Consume and operationalize threat intelligence feeds (commercial and open-source) — triaging IOCs, enriching alerts, and updating blocking lists in SIEM, firewall, and EDR platforms.

  • Track active threat campaigns, adversary groups, and CVEs relevant to the organization’s sector and technology stack.

  • Collaborate with IT, infrastructure, and engineering teams on threat remediation

Job requirements:

  • Minimum 5 years in a SOC / Security Operations environment

Qualifications:

  • Any degree in information technology specialization in Cyber Security/ Forensic, computer science, Information Technology

  • 5-7 years of experience working in a 24x7 Security Operation Center (SOC) environment.

  • Hands-on experience working with any of the SIEM tools (Splunk, Microsoft Sentinel, or QRadar)

  • EDR expertise (CrowdStrike Falcon, Microsoft Defender, SentinelOne, or Cortex XDR)

  • Relevant certifications such as CEH, CHFI, COMPTIA +,GCIA, GCIH, Splunk, Elastic, Microsoft Sentinel, QRadar, or equivalent.

Work type:

  • Full-time, Permanent

  • Rotating shift model — Day / Evening / Night (24x7 coverage)

APPLY NOW

--More Ways to ApplY--