
Hiring: L2 SOC Analyst (SecOps Platform Experience)

Company: Ssquad Global
Location: Bangalore, ITPL Whitefield
Experience: 3–6 years
Job Type: Full-time / Onsite
Immediate Joiners Preferred

We are looking for an experienced L2 SOC Analyst with strong hands-on expertise across SecOps platforms. The role includes incident investigation, threat hunting, handling escalated alerts, and supporting response activities.

Key Responsibilities

Security Monitoring & Investigation

  • Monitor, analyze, and triage alerts escalated from L1 analysts.
  • Perform in-depth investigation of security incidents using SIEM, SOAR, UEBA, EDR, NDR, and Threat Intel platforms.
  • Validate security events and determine true positives / false positives.
  • Conduct root-cause analysis and map events to MITRE ATT&CK, cyber kill chain, and relevant frameworks.

Incident Response

  • Lead containment, eradication, and recovery activities for moderate to high-severity incidents.
  • Develop incident timelines, impact assessments, and case documentation.
  • Coordinate with IT, network, cloud, and application teams to execute response actions.
  • Support incident escalation to L3 or IR teams when required.

Threat Hunting & Proactive Security

  • Perform proactive threat hunting based on hypotheses, threat intel, behavioral anomalies, or IOCs.
  • Analyze patterns of suspicious activity and recommend detection rule improvements.
  • Create custom detection content (SIEM rules, correlation logic, dashboards, playbooks).

SecOps Platform Operations

Hands-on experience with at least one of the following:

  • SIEM: Securonix, Microsoft Sentinel, FortiSIEM.
  • SOAR: Palo Alto Cortex XSOAR, Splunk SOAR, Sentinel Automation.
  • EDR/XDR: CrowdStrike, Microsoft Defender, Trend Micro Vision One, SentinelOne.
  • Other security platforms: CyberArk, Tenable, Zscaler.
  • NDR: Darktrace, Vectra, ExtraHop.

Responsibilities include:

  • Tuning rules, correlation policies, and detection logic.
  • Maintaining dashboards, threat feeds, enrichment integrations, and log ingestion pipelines.
  • Supporting use-case lifecycle: design → deploy → tune → optimize.
  • Troubleshooting platform issues and coordinating with vendors as needed.

Reporting & Documentation

  • Prepare daily/weekly incident summaries, threat reports, and SOC metrics.
  • Document workflows, runbooks, and playbooks for repeated investigations.
  • Maintain compliance with audit, regulatory, and internal requirements.

Required Skills & Experience

  • 3–6 years of experience in SOC operations, cyber defense, incident response, or threat analysis.
  • Strong hands-on experience with at least one SecOps platform (Securonix/Splunk/Sentinel/QRadar/Exabeam).
  • Proficiency in analyzing logs from network, server, cloud, security appliances, and applications.
  • Experience writing correlation queries (e.g., SPL, KQL, SQL-like languages).
  • Knowledge of malware behavior, phishing analysis, lateral movement, privilege escalation, and network attack vectors.
  • Familiarity with:
      • MITRE ATT&CK
      • Cyber Kill Chain
      • NIST 800-61 IR Framework
      • ISO 27001 controls
  • Strong understanding of network protocols (HTTP, DNS, SMTP, VPN, IPSec, TLS).
  • Experience with cloud environments (Azure, AWS, GCP) is an advantage.

Relevant certifications: CEH, Security+, CySA+, GCIA, GCIH, Securonix Analyst, Splunk Core/ES, SC-200, QRadar, AZ-900, AWS Security.

Send your profile to hemlata@ssquad.com

Job Types: Full-time, Permanent

Pay: ₹627,835.20 - ₹1,146,777.83 per year

Benefits:

  • Provident Fund

Work Location: In person

© 2025 Qureos. All rights reserved.