JOB SUMMARY
We are seeking an experienced Security Analyst (Tier 2) to join our Security Operations Center (SOC) team. The successful candidate will serve as a subject matter expert in enterprise security monitoring, responsible for the detection, investigation, and response to cybersecurity incidents and threats across a large-scale, complex enterprise environment.
JOB LOCATION: Chennai
Key Responsibilities:
Manage and maintain the SIEM platform — ensuring log ingestion health, data source onboarding, parser validation, and rule accuracy.
Lead and coordinate Tier 2 incident response activities — containing, eradicating, and recovering from security incidents in line with the SOC IR playbook and defined SLAs.
Document all investigation steps, findings, evidence, and actions taken accurately within the ITSM / ticketing system (e.g. ServiceNow, Jira).
Perform root cause analysis (RCA) on significant incidents and contribute lessons learned to post-incident review reports.
Develop, tune, and maintain detection rules, correlation rules, and dashboards to improve coverage across the MITRE ATT&CK framework.
Identify log source gaps and work with IT and infrastructure teams to onboard missing data sources into the SIEM.
Automate repetitive triage tasks through SOAR playbooks (e.g. Cortex XSOAR, Sentinel Logic Apps) to improve analyst efficiency and reduce MTTD/MTTR.
Monitor and investigate endpoint telemetry using EDR platforms (e.g. CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne) to detect malicious activity including malware, ransomware, and livingoff-the-land (LotL) attacks.
Analyse firewall logs and network traffic data (Palo Alto, FortiGate, Cisco ASA, Check Point) to identify suspicious traffic patterns, policy violations, and network-based threats.
Investigate alerts originating from IDS/IPS systems, web proxies, DNS security platforms, and network detection and response (NDR) solutions
Consume and operationalize threat intelligence feeds (commercial and open-source) — triaging IOCs, enriching alerts, and updating blocking lists in SIEM, firewall, and EDR platforms.
Track active threat campaigns, adversary groups, and CVEs relevant to the organization’s sector and technology stack.
Collaborate with IT, infrastructure, and engineering teams on threat remediation
Job requirements:
Minimum 5 years in a SOC / Security Operations environment
Qualifications:
Any degree in information technology specialization in Cyber Security/ Forensic, computer science, Information Technology
5-7 years of experience working in a 24x7 Security Operation Center (SOC) environment.
Hands-on experience working with any of the SIEM tools (Splunk, Microsoft Sentinel, or QRadar)
EDR expertise (CrowdStrike Falcon, Microsoft Defender, SentinelOne, or Cortex XDR)
Relevant certifications such as CEH, CHFI, COMPTIA +,GCIA, GCIH, Splunk, Elastic, Microsoft Sentinel, QRadar, or equivalent.
Work type:
Full-time, Permanent
Rotating shift model — Day / Evening / Night (24x7 coverage)
