Security Analyst II

Gruve
Pune · 4-10 LPA · Posted 30 Jul 2025
FULL TIME
SOC
Cybersecurity
SIEM Tools
Intrusion Detection
Network Security

Job Description

About the Role

We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.

Key Responsibilities

  • Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.
  • Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions. 
  • Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.
  • Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.
  • Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.
  • Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.
  • SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.
  • Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.
  • Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies. 

Basic Qualifications

  • B.E./B.Tech degree in Computer Science or Information Technology, or a Master's degree in Cybersecurity
  • 3+ years of experience in a SOC or cybersecurity operations role.
  • Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
  • Hands-on experience in threat detection, security monitoring, and incident response.
  • Knowledge of network security, intrusion detection, malware analysis, and forensics.
  • Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).
  • Proficiency in Python scripting for automation and playbook development.
  • Good understanding of MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.
  • Strong analytical, problem-solving, and communication skills.
  • Ability to work in a 24x7 SOC environment (if applicable)

Preferred Qualifications

  • Certified SOC Analyst (CSA)
  • Certified Incident Handler (GCIH, ECIH)
  • Splunk Certified Admin / QRadar Certified Analyst
  • CompTIA Security+ / CEH / CISSP (preferred but not mandatory)