HCL Technologies

Sr Analyst

Role: Other
Level: Senior
Location: Chennai, India
Work: On-site
Type: Full-time
Posted: 3 days ago

About the role

Job Summary

The SOC Operations Analyst L2 is responsible for monitoring and analyzing security alerts using tools like Microsoft Sentinel. The role includes investigating incidents, identifying real threats, and supporting response and remediation activities. The analyst works on alerts escalated from L1, performs log analysis, and helps improve detection by fine-tuning rules. They also support threat hunting, automation, and maintain proper documentation and reports. This role requires good knowledge of SIEM tools, security logs, and common cyber threats, along with close coordination with internal security and IT teams.

Key Responsibilities

🔹 Threat Monitoring & Analysis
- Monitor security alerts from SIEM tools (Sentinel, ArcSight, Splunk, QRadar)
- Perform in-depth analysis of escalated incidents (L1 → L2)
- Validate true positives and eliminate false positives

🔹 Incident Investigation & Response
- Conduct root cause analysis (RCA) for security incidents
- Perform log correlation across multiple sources (EDR, firewall, AD, cloud logs)
- Support incident containment and remediation actions

🔹 Use Case Tuning & Optimization
- Fine-tune SIEM correlation rules and alerts
- Reduce noise and improve detection accuracy
- Map detections to the MITRE ATT&CK framework

🔹 Threat Hunting (Proactive)
- Perform proactive threat hunting using SIEM, EDR, and threat intelligence
- Identify hidden or advanced threats not detected by rules
- Develop hypothesis-based hunting scenarios

🔹 Automation & Playbooks
- Support SOAR playbook execution (Sentinel Logic Apps, etc.)
- Assist in developing automation for repetitive tasks
- Integrate SIEM with ticketing systems (ServiceNow)

🔹 Reporting & Documentation
- Document incidents, findings, and recommendations
- Prepare incident reports, dashboards, and metrics
- Maintain SOPs, runbooks, and knowledge base

🔹 Collaboration
- Work closely with L1 analysts, L3 engineers, and IR teams
- Coordinate with IT teams for remediation actions
- Support audits and compliance activities

Skill Requirements

Core Skills
- Hands-on experience with SIEM tools (Sentinel / ArcSight / Splunk / QRadar)
- Strong understanding of logs: Windows Event Logs, Syslog / firewall logs, cloud logs (Azure/AWS/GCP)

Detection & Security Knowledge
- MITRE ATT&CK framework
- Cyber Kill Chain
- Threat vectors: phishing, malware, ransomware, insider threats

Tools & Technologies
- EDR tools (Microsoft Defender, CrowdStrike, Carbon Black)
- Email security tools
- Vulnerability tools (Qualys, Nessus)

Querying & Analysis
- KQL / SPL / query languages
- Log correlation and pattern analysis

Systems & Networking
- Networking basics (TCP/IP, DNS, HTTP, VPN)
- Windows & Linux fundamentals

Other Requirements

Experience Requirements
- 3–6 years in SOC / Security Operations
- Experience handling P2/P3 incidents independently
- Exposure to incident response and threat hunting

Education & Certifications
- Bachelor’s degree in IT / Cybersecurity
- Preferred certifications: SC-200 (Microsoft Security Operations), CEH / Security+, GIAC / CySA+ (optional)

Benefits and perks

Learning Budget

Required skills

Data analysis

Reporting

Stakeholder management

About HCL Technologies

Headquarters: Chennai