Soc Analyst Ii, Information Security

Saviynt is an identity authority platform built to power and protect the world at work In a world of digital transformation where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress Saviynt s Enterprise Identity Cloud gives customers unparalleled visibility control and intelligence to better defend against threats while empowering users with right-time right-level access to the digital technologies and tools they need to do their best work We are building a next-generation Security Operations Center SOC designed for the cloud-first era We are moving beyond traditional reactive methods to build an intelligent automated SOC that leverages deep cloud security expertise to stop advanced threats We are seeking a motivated and detail-oriented L2 SOC Analyst to be a core member of our 24 7 operations team This role is for a hands-on analyst who excels at investigating complex alerts using automation to accelerate response and is passionate about cloud security You will be the primary line of in-depth analysis working to validate investigate and contain threats as they are escalated from L1 Please note This is a 24 7 operational role The SOC team works in three rotating shifts morning afternoon and night to ensure continuous monitoring and response WHAT YOU WILL BE DOING Incident Triage Investigation Serve as the primary escalation point for alerts triaged by L1 analysts and automated systems Conduct detailed analysis of security alerts from a wide range of sources SIEM EDR CSPM Cloud-native tools to validate threats and determine their scope Investigate security incidents in our enterprise and cloud environments AWS Azure GCP correlating data to build a complete picture of attacker activity Perform deep-dive analysis of logs network packets and endpoint data to identify indicators of compromise IOCs Incident Response Automation Execute and tune automated response playbooks using our SOAR platform for common security incidents Perform timely incident response actions such as isolating compromised hosts blocking malicious IPs domains and disabling compromised accounts Utilize and modify existing scripts primarily Python to assist with automated evidence collection and enrichment Document all investigation steps findings and containment actions in our incident management system Threat Hunting Cloud Monitoring Participate in guided threat hunting campaigns based on new threat intelligence or hypotheses developed by senior analysts Actively monitor and analyze security logs from cloud-native tools e g AWS GuardDuty CloudTrail Cloudflare Azure etc Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts Continuous Improvement Collaboration Escalate complex high-severity or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes Contribute to the refinement of SOC documentation including Standard Operating Procedures SOPs and investigation runbooks Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis What You Bring Bachelor s degree in Computer Science Information Security or a related field or equivalent practical experience Willingness and ability to work in a 24 7 rotational shift environment morning afternoon and night 4-6 years of experience in a Security Operations SOC environment with demonstrated L2 capabilities Cloud Security Experience Hands-on experience monitoring and responding to alerts in at least one major cloud provider AWS Azure or GCP Technical Expertise Strong hands-on experience with SIEM e g Splunk QRadar Azure Sentinel and EDR e g CrowdStrike SentinelOne platforms Automation Familiarity Experience using a SOAR platform and familiarity with scripting Python preferred for basic automation or analysis tasks Strong working knowledge of the MITRE ATT CK framework and its application to incident analysis Why Join Us Be at the forefront of a modern cloud-focused Security Operations Center Gain deep hands-on experience with cutting-edge cloud security automation and threat intelligence technologies A clear career path for growth into L3 threat hunting or automation engineering roles Collaborate with world-class security and engineering leaders in a high-impact operational role