L1 SOC Analyst - Splunk, SPL, Crowdstrike

2 - 3 Years
2 Openings
Hyderabad

L1 SOC Analyst - Splunk, SPL, Crowdstrike

Location : Hyderabad, Bangalore

Experience : 2 to 4 years

Duties and Responsibilities :

• Hands-on content (use case) development experience using SIEM query languages (Splunk SPL, Kusto Query).

• Splunk on prem and cloud experience.

• Strong understanding of security event logging, parsing, and correlation.

• Design and customize complex search queries, develop dashboards, data models, reports and optimize their performance

• Understanding of the MITRE ATT&CK framework

• Experience working with various technical departments to enhance threat detections of deployed SIEMs.

• Monitor and analyze security s, incidents, and logs generated from CrowdStrike Falcon EDR platform.

• Perform triage, investigation, and response to endpoint-related security incidents.

• Conduct threat hunting and proactive analysis to identify suspicious or malicious activity across endpoints.

• Strong knowledge of CrowdStrike Falcon (policies, detections, investigations, RTR, dashboards).

• Experience in endpoint investigation and forensics (Windows, Linux, macOS).

• Familiarity with MITRE ATT&CK framework and common adversary tactics, techniques, and procedures (TTPs).

Desired Technical Skills

• Bachelor’s degree in computer science, Information Technology, or related field.

• 3+ years of relevant experience required.

• Splunk Enterprise Security Certified Admin is preferred, CISSP, CISM, or equivalent cybersecurity certifications are good to have.

• Experience with SIEM (Splunk), EDR (CrowdStrike), and other cybersecurity tools.

• Strong understanding of security operations concepts, including threat hunting, incident response, and malware analysis.

• Familiarity with scripting languages (Splunk SPL, Bash)

• Excellent analytical skills, with the ability to assess complex security issues and formulate effective solutions.