Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM) Operations
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Level 2 SOC Analyst, your role involves deeper investigation of security alerts and confirmed incidents. You will validate escalated events using Sumo Logic and CrowdStrike Falcon, enrich them with context, and work closely with L3 analysts to assist in containment and timely remediation. You will also help improve detection fidelity and support SOAR automation.
Roles & Responsibilities:
- Intermediate Sumo Logic SIEM query and dashboarding skills
- Alert Triage & Investigation: Experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Incident Response and Containment: Take the necessary actions to contain, eradicate and recover from security incidents.
- Malware Analysis: Perform malware analysis using sandboxing tools (e.g. CrowdStrike).
- SOAR Execution: Run and modify basic playbooks in Sumo Logic SOAR
- Incident Reporting and Documentation: Strong reporting skills with accurate detail capture, providing the RCA for true-positive security incidents with detailed documentation.
- Communication & Collaboration: Send emails to request information, provide updates, and coordinate with different teams to ensure tasks are completed efficiently.
- MITRE ATT&CK Mapping: Ability to classify incidents by tactic/technique
- Alert fine-tuning recommendations to reduce false-positive noise
- Investigate alerts escalated by L1 to determine scope, impact, and root cause
- Perform in-depth endpoint and network triage using CrowdStrike
- Use CrowdStrike Falcon to perform endpoint analysis and threat validation
- Correlate multiple log sources in Sumo Logic to trace attacker activity
- Execute or verify SOAR playbooks for containment actions (isolate host, disable user)
- Enrich events with asset, identity, and threat intelligence context
- Document investigation workflows, evidence, and final conclusions
- Support L3 during major incidents by performing log or memory triage
- Suggest improvements in alert logic or SOAR workflows to reduce false positives
- Conduct threat research aligned to alert patterns and business context
- Enhance alert fidelity with threat intel and historical context
- Document investigation findings and communicate with stakeholders
Professional & Technical Skills:
- Exposure to threat hunting techniques
- Scripting to assist SOAR playbook tuning
- Triage Automation: Ability to identify playbook gaps and recommend improvements
- Cloud Security Basics: Awareness of log patterns from AWS/Azure
- Log Analysis: Correlation and trend identification in Sumo Logic
- Certifications: SC-200, CySA+, ECSA or a relevant advanced certification
- SIEM: Advanced queries, dashboards, correlation logic
- SOAR: Execute and troubleshoot playbooks
- Tools: CrowdStrike (RTR, detections, indicators), Sumo Logic SIEM
- Threat Analysis: IOC enrichment, TTP identification
- Primary Skill: Incident Investigation and Enrichment
Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
Beware of fraud agents! do not pay money to get a job
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Job Detail
Job Id: JD3801166
Industry: Not mentioned
Total Positions: 1
Job Type: Full Time
Salary: Not mentioned
Employment Status: Permanent
Job Location: KA, IN, India
Education: Not mentioned
Experience: Year