Monitor and triage security alerts across SIEM, EDR, cloud security, identity and other platforms
Perform initial investigation on escalated events, collecting and correlating evidence across log sources
Execute containment and remediation actions under defined escalation thresholds
Maintain accurate and timely documentation in the incident tracking system
Contribute to YARA-L rule development and tuning in Chronicle/Google SecOps
Assist with CrowdStrike Falcon IOA and prevention policy maintenance
Review and act on SOCRadar threat intelligence feeds, correlating IOCs against internal telemetry
Identify detection gaps and recommend coverage improvements
Triage cloud security findings from environments
Investigate identity anomalies including suspicious login patterns and MFA bypass attempts
Support cloud IR investigations log analysis
Author and maintain SOC runbooks and triage playbooks
Participate in knowledge transfer during shift handoff
Support compliance-adjacent security activities

2–4 years of SOC, incident response, or security operations experience
Bachelor's degree (B. Tech) from a Tier1, Tier2 institution.
Hands-on experience with a SIEM platform (Chronicle, Splunk, Sentinel, or equivalent)
Familiarity with EDR tooling (CrowdStrike Falcon preferred)
Foundational understanding of cloud security concepts across AWS or GCP
Working knowledge of identity threat patterns (credential stuffing, MFA fatigue, account takeover)
Ability to read and interpret logs: authentication, network, endpoint, and cloud audit trails
Strong written communication skills — clear, concise incident documentation and escalation summaries.
Exposure to CSPM/CWPP platform
Familiarity with various log schemas
Scripting proficiency in Python or similar for basic automation and log parsing
Relevant certifications: CompTIA Security+, CySA+, GCIH, GCIA, or equivalent.

Security Operations Analyst

Key skills