Senior SOC Analyst

Description :

Job Description :

We are seeking an expert, highly experienced Senior SOC Analyst with 611 years of specialized experience to lead our security operations, threat hunting, and incident response functions. Based in Pune, this role serves as the highest point of technical escalation and is critical for defending the organization against sophisticated cyber threats. The ideal candidate will possess deep expertise in threat analysis, advanced SIEM management, and the proactive development of security strategies and playbooks, while also mentoring junior team members.

Key Responsibilities :

- Incident Response Leadership and Escalation : Serve as the primary point of escalation for all complex and critical security incidents, taking decisive ownership of the issue. Lead and coordinate end-to-end incident response (IR) efforts, including containment, eradication, and post-incident recovery processes.

- Advanced Threat Analysis and Remediation : Perform in-depth technical analysis (forensics, log review) to definitively determine the root cause, scope, and business impact of security incidents. Develop, implement, and ensure the effective execution of advanced remediation strategies.

- Proactive Threat Hunting and Analysis : Develop and execute proactive threat hunting methodologies and techniques using hypothesis-driven approaches to identify hidden or advanced threats that have evaded standard security controls.

- Analyze network traffic, system logs, and endpoint data to uncover suspicious activities and potential Indicators of Compromise (IOCs).

- Utilize and fuse external threat intelligence (TI) with internal data to inform hunting activities and anticipate future attack trends.

- SIEM and Security Tool Mastery : Possess expert-level knowledge of Security Information and Event Management (SIEM) systems and other core security tools (e.g., EDR, NDR, TIP).

- Develop, implement, and fine-tune advanced correlation rules, alerts, and dashboards within the SIEM to continuously improve the organization's detection capabilities and reduce false positives.

- Vulnerability Analysis and Countermeasures : Collaborate closely with the vulnerability management teams. Analyze exploit techniques for identified vulnerabilities and develop specific detection signatures or countermeasures to mitigate risk. Provide authoritative guidance on remediation strategies for critical vulnerabilities.

- Automation and Process Optimization : Identify concrete opportunities for the automation of repetitive security tasks. Develop scripts or playbooks using orchestration platforms to streamline security operations and improve the Security Operations Center's (SOC) efficiency.

- Mentorship and Knowledge Transfer : Mentor and provide technical guidance to Level 1 and Level 2 analysts, fostering their professional skill development in advanced security topics. Develop and deliver internal training materials and knowledge-sharing sessions on advanced security analysis and IR procedures.

- Strategic Policy and TI Governance : Actively consume, analyze, and correlate threat intelligence feeds from various sources with internal security data. Contribute to the development of SOC processes, procedures, and playbooks based on experience and industry best practices. Develop and contribute to threat profiles and simulated attack scenarios relevant to the organization.

Required Skills :

Years of experience in Security Operations, Incident Response, or Threat Analysis, preferably within a large enterprise SOC environment.

- Expert technical knowledge of SIEM platforms (e.g., Splunk ES, Azure Sentinel, QRadar), including advanced query language proficiency, rule creation, and dashboard design.

- Proven, hands-on experience in Threat Hunting, including the ability to develop and execute complex hypotheses and utilize forensic tools and techniques.

- Deep understanding of common attacker tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, and cyber kill chain methodology.

- Strong technical proficiency with endpoint security tools (EDR/XDR), network security monitoring (NDR), and Threat Intelligence Platforms (TIP).

- Experience with scripting languages (Python) for security automation and data analysis.

- Exceptional written and verbal communication skills for incident documentation and executive reporting.

Preferred Skills :

- Relevant industry certifications (e.g., SANS GIAC certifications : GCIH, GCFA, GNFA, or CISSP).

- Experience in cloud security monitoring and incident response in platforms like AWS, Azure, or GCP.

- Proven ability to lead a technical team and contribute to strategic SOC roadmap development.

- Familiarity with Vulnerability Management processes and risk scoring methodologies.