Senior Security Analyst

3 weeks ago


Thiruvananthapuram, Kerala, India ColorTokens Inc. Full time

Job Title: Senior Security Analyst - L3

Location: Bangalore (on site)

Experience Level: 5 to 8 years

Shift: 24/7 monitoring shift

About ColorTokens

At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected.

Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave: Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions.

Join us in transforming cybersecurity. Learn more at www.colortokens.com.

Our culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world's most impactful organizations, be it a children's hospital, a city, or the defense department of an entire country.

Job Description:

ColorTokens is seeking a highly experienced and proactive Senior Security Analyst (L3) to lead complex threat investigations and incident response within our Managed Security Operations Center (SOC). This role is critical in identifying advanced threats, guiding security operations, developing detection strategies, and mentoring Tier 1 and Tier 2 analysts. The ideal candidate possesses deep technical expertise in cybersecurity, excellent analytical skills, and a strong understanding of modern attack techniques across IT and OT environments.

Key Responsibilities:

  • Lead investigation and response for high-severity security incidents across customer environments
  • Perform deep-dive forensics on endpoints, network traffic, logs, and cloud environments
  • Correlate and enrich data from multiple sources (EDR, SIEM, NDR, threat intel, OT sensors)
  • Serve as an escalation point for complex alerts and incidents from L1/L2 teams
  • Conduct proactive threat hunting based on TTPs (MITRE ATT&CK) and IOC analysis
  • Develop detection use cases, custom SIEM rules, and SOAR automation workflows
  • Participate in red/blue/purple team exercises and incident simulations
  • Guide playbook development and tuning of triage/response workflows
  • Deliver incident briefings and root cause analysis (RCA) reports to internal and external stakeholders
  • Collaborate with threat intelligence, engineering, and customer success teams
  • Mentor junior analysts and contribute to team knowledge-sharing initiatives

Required Skills & Experience:

  • 5–8 years of experience in a SOC, threat detection, incident response, or cyber forensics role
  • Strong knowledge of threat actor tactics, techniques, and procedures (TTPs)
  • Proficient in interpreting logs across various platforms: SIEMs, EDRs, firewalls, cloud environments
  • Hands-on experience with tools such as:
      • SIEM: Splunk, Sentinel, QRadar
      • EDR/XDR: CrowdStrike, Defender for Endpoint, SentinelOne
      • NDR: Vectra, Darktrace, ExtraHop
      • SOAR: XSOAR, Splunk SOAR, Tines
  • Experience with scripting and automation (Python, KQL, Bash, PowerShell)
  • In-depth knowledge of Windows, Linux, and network protocols
  • Exposure to cloud security (Azure, AWS) and hybrid infrastructures
  • Familiarity with OT/ICS environments (Nozomi, Claroty, etc.) is a strong plus

Qualifications:

  • Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
  • One or more advanced certifications preferred:
      • GIAC (GCIA, GCIH, GCFA, GNFA)
      • OSCP / OSEP
      • SC-200 / AZ-500 / CISSP
      • GICSP (for OT/ICS experience)

Preferred Skills:

  • Strong problem-solving skills under pressure
  • Excellent written and verbal communication (for RCA reports, executive briefings)
  • Ability to lead customer-facing incident response calls and postmortems
  • Passion for staying current with the threat landscape and evolving technologies
  • Team player with a mentoring mindset

Why Join Us?

  • Work on a cutting-edge cybersecurity product in a fast-paced startup environment.
  • Collaborate with a world-class team of engineers and security experts.
  • Opportunity to learn, grow, and make a real impact from day one.

