L2 SOC Analyst

About Us

BluSapphire is a product-based organization focused on addressing cybersecurity challenges for enterprises across various industry verticals. With the rapid digital adoption across businesses, the cyber threat landscape has become increasingly complex and is now a major business risk for organizations of all sizes. While many enterprises deploy multiple cybersecurity tools to detect threats, the overwhelming volume of generated alerts and understaffed security teams make identifying and mitigating real threats 24/7 a monumental task.

That's where BluSapphire comes in — we're an industry-first, purpose-built, cloud-native Beyond XDR platform powered by AI and big data analytics. Our platform enables organizations to rapidly transform their cybersecurity posture, resulting in faster time-to-value, quicker breach detection and mitigation, and an overall reduction in business risk. Security operations on the BluSapphire platform are highly efficient, requiring minimal human intervention to solve complex cybersecurity challenges.

Position Details – L2 SOC Analyst

Continuing its strategic expansion, BluSapphire is enhancing the capabilities of the Security Operations Center
and seeks experienced, dynamic professionals for the
L2 SOC Analyst
role. This position plays a pivotal role in the incident response team, requiring a strong background in cybersecurity, client interaction, and a proactive approach. The L2 SOC Analyst operates advanced security monitoring solutions, ensuring swift responses to identified security events. The role entails working in a shift schedule to provide
24/7 coverage
, following an initial ramp-up period.

Location:
Hyderabad

Qualification:
B.Sc CSC / B.Tech or BE Computers / MCA. Certifications such as CISSP, CEH, GCIH, OSCP, or OSCE are a plus.

Experience:
8–10 years

Employment Type:
Full-time

Job Responsibilities:

• Act as an escalation point for high and critical severity security incidents and conduct thorough investigations to determine potential impact and understand the extent of compromise.
• Verify and authenticate events, alerts, and incidents reported by L1 analysts.
• Analyze attack patterns, Tools, Techniques and Procedures (TTPs) to identify methods of attacks and attack life cycle.
• Defining, planning, implementing, maintaining, and upgrading security measures, policies, and controls.
• Carry out in-depth investigation and correlation and work with the stakeholders towards mitigation and closure of critical, high severity and other complex incidents.
• Developing and implementing novel threat detection content, rules, and use cases for deployment in the SIEM platform involves working with diverse data sets, including Proxy, VPN, Firewall, DLP, etc. This includes the creation of sophisticated and advanced rules while ensuring precise fine-tuning for optimal performance.
• Conduct analysis to gather evidence, validate root cause and analyze the extent of compromise leveraging Client's security toolset.
• Collaborate with cross-functional teams, to ensure end to end management of security incident lifecycle.
• Conduct thorough investigations to identify true positives from false positives, prioritize incidents, and recommend appropriate actions.
• Respond to incident escalations and provide solid recommendations.
• Identify and leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
• Ensure process compliance through regular reviews and updates of existing SOPs, processes, standards, guidelines, and checklists on a periodic basis (quarterly/half-yearly). Additionally, assist in the development and improvement of Security Operations processes, involving the creation or modification of SOPs, Playbooks, and Work instructions.
• Perform Advanced diligent Threat correlation between multiple security event sources such as firewall logs, threat intelligence feeds, AV, IDS, IPS, and MDR solutions.
• Train L1/L2 via planned knowledge transfer & internal training sessions.

Job Requirements:

• Minimum 8 years' experience working in a large-scale IT environment with focus on Cyber / Information Security.
• Strong Knowledge of Network security (Firewalls, Proxies, IDS/IPS, Vulnerability Scanner).
• Seasoned in Digital forensics, malware assessment, and Threat Hunting.
• 5+ years of hands-on experience on leading analytical platforms like Splunk, Qradar, Hunters, SumoLogic, Sentinel. Knowledge of other security technologies (such as Email Security Gateway, SOAR, IPS/IDS, Proxy, EDR, TI, DLP, CASB, PAM etc.) will be an added advantage.
• Deep understanding of MITRE ATT&CK Framework.
• Customer-facing, with good report-writing skills and strong communication skills at all levels.
• Ability to provide technical and service leadership to L1 and other L2 analysts. Be a thought leader in the SOC.
• Knowledge of Security Best Practices and Concepts.
• Conducting vulnerability testing and risk analyses to assess security and performing internal and external security audits.
• Strong analytical and problem-solving skills.
• Lead incident investigation and response activity.
• Participate in on-call rotation for after-hours security incident escalations.
• Capability to communicate and listen to needs from organizational or client stakeholders.
• Staying up to date with emerging security threats.
• Well-developed logical thinking capabilities, to be able to investigate cases.
• Reliability and overall good communication skills – both verbal and written.
• Able to work in shift schedule.
• Staying up to date with emerging security threats.
• Good interpersonal skills – clear communication, attentive & careful listening, empathetic behavior, being positive, supporting useful ideas & honest efforts of colleagues, being positive.

Nice To Have:
Ethical hacking certification or CISSP or GCIH or training is a major advantage.

Kindly share your updated resume