Job Description: IT Cyber Defense Analyst – P2

Location: Remote (Pune-Baroda, India)

Department: IT Cybersecurity / Security Operations Centre (SOC)

Reports To: SOC Manager

About the Role

The SOC IT Cyber Defense Analyst is responsible for real-time security monitoring, alert triage, and initial investigation of security events across enterprise environments. This role serves as the first line of defense, ensuring timely detection, analysis, escalation, and documentation of potential security incidents while maintaining operational excellence in a 24/7 SOC environment.

Key Responsibilities

Security Monitoring & Alert Triage

• Monitor security alerts from multiple platforms including SIEM, EDR/XDR, SOAR, IDS/IPS, Email Security, and Cloud Security tools
• Perform initial triage and analysis of alerts to determine severity, impact, and validity
• Identify false positives, benign events, and potential security incidents

Incident Handling & Investigation

• Conduct Level 1 investigation of security incidents such as:
  • Phishing and Email-based threats
  • Malware, ransomware, and suspicious file activity
  • Endpoint, network, and account anomalies
  • Unauthorized access attempts and policy violations
• Collect and analyze logs, artifacts, and indicators (IPs, URLs, hashes, domains)
• Document findings clearly and accurately in incident tickets and SOC communication channels

Escalation & Coordination

• Escalate confirmed or high-risk incidents to L2/L3 analysts or Incident Response teams as per defined runbooks
• Follow standard operating procedures (SOPs) and escalation matrices
• Coordinate with IT, Desktop, Network, Cloud, and Application teams when required

Communication & Reporting

• Provide clear, concise, and timely updates during incident handling
• Participate in shift handovers, ensuring continuity and proper knowledge transfer
• Maintain accurate incident timelines, actions taken, and next steps

Compliance & Process Adherence

• Adhere to SOC policies, security standards, and compliance requirements
• Ensure proper handling of sensitive information and evidence
• Follow approved WFH / on-site operational standards, including workstation and monitoring setup

Continuous Improvement

• Actively participate in training, tabletop exercises, and knowledge-sharing sessions
• Stay updated on latest threats, attack techniques, and security trends
• Provide feedback to improve SOC processes, detection rules, and playbooks

Required Skills & Qualifications

Technical Skills

• Basic understanding of:
  • Networking concepts (TCP/IP, DNS, HTTP/S, VPN)
  • Operating Systems (Windows, Linux fundamentals)
  • Cybersecurity concepts (malware, phishing, brute force, MITRE ATT&CK)
• Hands-on exposure or familiarity with:
  • SIEM tools (e.g., Splunk, Sentinel, QRadar, Elastic)
  • EDR/XDR platforms (Defender, CrowdStrike, SentinelOne, etc.)
  • Email security and phishing analysis
• Ability to analyze logs, alerts, and security events

Soft Skills

• Strong analytical and problem-solving skills
• Clear written and verbal communication skills
• Ability to work under pressure in a 24/7 operational environment
• High level of integrity, accountability, and attention to detail
• Willingness to work in rotational including night shifts

Education & Experience

• Bachelor’s degree in computer science, Information Security, IT, or related field
• Minimum 2+ years of experience in SOC, IT Security, or related technical roles

Preferred Certifications (Good to Have)

• CompTIA Security+
• CEH (Certified Ethical Hacker)
• Microsoft SC-200 / SC-900
• Any SIEM or EDR vendor-specific certification

Work Environment & Expectations

• 24/7 rotational shift model, including nights, weekends, and holidays
• High-responsibility role requiring continuous monitoring and rapid response
• Must comply with SOC operational standards, including approved workstation and monitoring setup

Career Growth

• Opportunity to progress to SOC Analyst L2 / L3, Incident Responder, Threat Hunter, or Detection Engineer roles based on performance and skill development