Senior Security Operations Analyst

Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.

What youll do:

• Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
• Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
• Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time.
• Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities.
• Perform proactive threat hunting to identify and mitigate advanced threats.
• Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
• Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
• Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
• Continuously improve SOC processes and playbooks to streamline operations and response efforts
• Mentor junior SOC analysts and provide guidance on security best practices.
• This role requires participation in a rotational shift.
• Flexibility and availability to respond to urgent incidents outside of assigned shifts as needed

What youll bring:

• Strong analytical and problem-solving abilities
• Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
• Proven ability to remain calm and efficient under a high-pressure environment
• Proficient in using SIEM tools, such as Microsoft Sentinel
• Experience with data migration strategies across SIEM platforms
• Experience on Cloud Security Operations and Incident Response platforms such as Wiz
• In-depth understanding of cyber threats, vulnerabilities, and attack vectors
• Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
• Expertise in developing SIEM use cases and detection rules
• Skilled in incident response and management procedures
• Experienced in conducting deep-dive investigations and root cause analysis for incidents
• Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
• Ability to automate routine SOC processes to enhance operational efficiency
• Experienced in mentoring and guiding junior analysts in security operations
• Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:

• Excellent interpersonal (self-motivational, organizational, personal project management) skills
• Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System
• Ability to analyze cyber threats to develop actionable intelligence
• Skill in using data visualization tools to convey complex security information

Academic Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
• 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
• Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
• Experience with SIEM migration
• Expertise in incident response, threat detection, and security monitoring
• Solid understanding of Windows, Linux, and cloud security concepts
• Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
• Preferred Security Cloud Certifications: AWS Security Specialty