EXPERIENCE: 5 – 8 Years  

RESPONSIBILITIES (INCLUDES TASKS AND AUTHORITIES):

Key Responsibilities

• Detect, identify, and promptly alert on potential attacks, intrusions, anomalous activities, and misuse, distinguishing them from benign events.
• Conduct research, analysis, and correlation across diverse data sets to identify indications and warnings of threats.
• Analyze network alerts from multiple sources and determine their root causes and potential impact.
• Provide daily summary reports of relevant network and security events.
• Notify and coordinate with managers and incident responders, clearly articulating event history, status, and potential business impact as per the incident response plan.
• Analyze and report on system security posture trends.
• Assess access controls based on the principles of least privilege and need-to-know.
• Perform vulnerability management, including scanning, analysis, and follow-up on critical vulnerabilities.
• Lead and participate in incident response activities, including root cause analysis and remediation recommendations.
• Develop, review, and maintain SIEM correlation rules and incident response playbooks.
• Provide mentorship and guidance to L1 SOC analysts, reviewing and escalating tickets as needed.
• Stay current with emerging threats, vulnerabilities, and regulatory security requirements.

Required Skills & Experience

• 2–4 years of experience in a SOC environment, with at least 1 year in a Level 2 (L2) role
• Proficiency in Splunk SIEM: log analysis, rule creation, dashboarding, and incident investigation1
• Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms.
• Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies
• Ability to perform packet-level analysis using tools such as Wireshark or tcpdump
• Experience in malware analysis, digital forensics, and threat intelligence platforms1
• Familiarity with authentication, authorization, and access control methods.
• Strong understanding of incident response and handling methodologies.
• Experience interpreting data from network tools (e.g., nslookup, ping, traceroute).
• Knowledge of Windows/Unix ports, services, and operating system command-line tools.
• Understanding of key security management concepts (e.g., patch management, release management).
• Excellent analytical, problem-solving, and communication skills
• Experience in documenting and reporting security incidents and trends.

CERTIFICATIONS(Any three):

  Relevant certifications such as SPLUNK, Certified SOC Analyst (CSA) , CompTIA Security+: 

TECHNICAL SKILLS /COMPETENCIES:

MANDATORY

• Experience with SIEM (e.g. Splunk, XDR)
• SIEM tools (e.g., Splunk, QRadar)
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
• Firewall and VPN technologies
• Threat intelligence platforms & Endpoint detection and response tools
• Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms.
• Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies