Security Analyst II

About the Role

We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.

Key Responsibilities

• Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.


• Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions. 


• Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.


• Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.


• Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.


• Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.


• SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.


• Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.


• Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies. 

Basic Qualifications

• B.E/B. Tech degree in computer science, Information Technology, Masters in Cybersecurity


• 3+ years of experience in a SOC or cybersecurity operations role.


• Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.


• Hands-on experience in threat detection, security monitoring, and incident response.


• Knowledge of network security, intrusion detection, malware analysis, and forensics.


• Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).


• Proficiency in Python scripting for automation and playbook development.


• Good understanding of MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.


• Strong analytical, problem-solving, and communication skills.


• Ability to work in a 24x7 SOC environment (if applicable)

Preferred Qualifications

• Certified SOC Analyst (CSA)


• Certified Incident Handler (GCIH, ECIH)


• Splunk Certified Admin / QRadar Certified Analyst


• CompTIA Security+ / CEH / CISSP (preferred but not mandatory