Posted: 2 weeks ago | Platform: LinkedIn

Work Mode: Remote

Job Type: Full Time

Job Description

Role: Tier 2 Cyber Security Operations Analyst

Location: India Pune Remote (future hybrid)

Duration: 3-month contract to hire

Work hours: listed below under Work Environment


Job Overview:

The Tier 2 Cyber Security Operations Analyst is responsible for performing advanced analysis of security incidents, conducting in-depth investigations, and implementing mitigation strategies to protect organizational IT infrastructure. This role serves as an escalation point for Tier 1 analysts, requiring strong technical expertise, analytical skills, and the ability to handle complex cyber threats in a fast-paced SOC environment.


Key Responsibilities:

1. Incident Analysis and Response:

- Investigate escalated security incidents from Tier 1, including malware infections, advanced persistent threats (APTs), phishing campaigns, and unauthorized access attempts.

- Perform root cause analysis to identify the source, scope, and impact of incidents.

- Implement containment, eradication, and recovery measures, such as isolating compromised systems or applying security patches.


2. Threat Hunting and Proactive Monitoring:

- Conduct proactive threat hunting using SIEM tools and endpoint detection and response (EDR/XDR) platforms.

- Analyze Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to identify potential threats.

- Correlate logs and alerts to detect patterns of malicious activity.


3. Security Tool Optimization:

- Configure and fine-tune security tools, including SIEM and SOAR platforms.

- Develop and update SIEM rules, dashboards, and alerts to improve detection accuracy.


4. Documentation and Reporting:

- Document incident details, including timelines, findings, and remediation steps, in ticketing systems.

- Prepare detailed incident reports and post-incident reviews for management and compliance purposes.

- Contribute to the development of standard operating procedures (SOPs) and playbooks for incident response.


5. Collaboration and Escalation:

- Work closely with Tier 1 analysts to mentor and guide them on alert triage and basic incident handling.

- Collaborate with Senior Analysts, threat intelligence teams, and IT departments for advanced investigations and remediation.

- Liaise with external stakeholders, such as CERT-In or third-party vendors, during major incidents.


6. Threat Intelligence Integration:

- Incorporate threat intelligence feeds into security monitoring processes.

- Stay updated on emerging cyber threats, vulnerabilities, and attack trends relevant to the organization's industry.


Skills and Qualifications:

  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications or equivalent experience may substitute.
  • Experience: 4-7 years of experience in cybersecurity, preferably in a SOC environment or as a Tier 1 analyst. Hands-on experience with incident response is essential.


Technical Skills:

  • Advanced knowledge of networking protocols (TCP/IP, DNS, VPN) and operating systems (Windows, Linux, macOS).
  • Proficiency with SIEM platforms, EDR/XDR tools, and network security appliances.
  • Experience with log analysis, packet capture tools (e.g., Wireshark), and scripting (e.g., Python, PowerShell, Bash) for automation.
  • Familiarity with cloud security (e.g., AWS, Azure, Google Cloud) and related tools is a plus.
  • Understanding of attack frameworks such as MITRE ATT&CK and common vulnerabilities (e.g., the CVE database).
  • Certifications (preferred):
      • CompTIA Security+, CISSP
      • Certified Ethical Hacker (CEH)
      • GIAC Certified Incident Handler (GCIH)
  • Strong problem-solving and critical-thinking skills.
  • Ability to work under pressure and handle multiple incidents simultaneously.
  • Excellent communication skills to explain technical findings to non-technical stakeholders.
  • Team mentoring and leadership capabilities.


Work Environment:

- Work Hours: Typically 35-40 hours per week, with rotating shifts (e.g., 7 AM-3 PM, 3 PM-11 PM, 11 PM-7 AM) to support 24x7x365 SOC operations. On-call availability may be required.

- Team Structure: Reports to a SOC Manager or Lead Analyst; collaborates with senior analysts, IT teams, and external vendors.
