Security Operations Analyst
Skills
About the Role
You will join the Security Operations Center team, monitoring, analyzing, and triaging security events and alerts. You'll perform initial investigation on escalated events, collecting and correlating evidence across log sources, and execute containment and remediation actions under defined escalation thresholds. You'll contribute to detection rule development and tuning, maintain EDR prevention policies, and review threat intelligence feeds to correlate indicators of compromise against internal telemetry. You'll triage cloud security findings, investigate identity anomalies such as suspicious login patterns and MFA bypass attempts, and support cloud incident response investigations. You'll also author and maintain SOC runbooks and triage playbooks, participate in knowledge transfer during shift handoff, and support compliance-adjacent security activities. This role reports to the Security Operations Manager.
Requirements
- 2–4 years of SOC, incident response, or security operations experience
- Bachelor's degree (B. Tech) from a Tier1, Tier2 institution
- Hands-on experience with a SIEM platform (Chronicle, Splunk, Sentinel, or equivalent)
- Familiarity with EDR tooling (CrowdStrike Falcon preferred)
- Foundational understanding of cloud security concepts across AWS or GCP
- Working knowledge of identity threat patterns (credential stuffing, MFA fatigue, account takeover)
- Ability to read and interpret logs: authentication, network, endpoint, and cloud audit trails
- Strong written communication skills
- Exposure to CSPM/CWPP platform
- Familiarity with various log schemas
- Scripting proficiency in Python or similar for basic automation and log parsing
- Relevant certifications: CompTIA Security+, CySA+, GCIH, GCIA, or equivalent
Responsibilities
- Monitor and triage security alerts across SIEM, EDR, cloud security, identity and other platforms
- Perform initial investigation on escalated events, collecting and correlating evidence across log sources
- Execute containment and remediation actions under defined escalation thresholds
- Maintain accurate and timely documentation in the incident tracking system
- Contribute to YARA-L rule development and tuning in Chronicle/Google SecOps
- Assist with CrowdStrike Falcon IOA and prevention policy maintenance
- Review and act on SOCRadar threat intelligence feeds, correlating IOCs against internal telemetry
- Identify detection gaps and recommend coverage improvements
- Triage cloud security findings from environments
- Investigate identity anomalies including suspicious login patterns and MFA bypass attempts
- Support cloud IR investigations log analysis
- Author and maintain SOC runbooks and triage playbooks
- Participate in knowledge transfer during shift handoff
- Support compliance-adjacent security activities
