SOC Analyst (L1/L2)

CyboSec Technologies, Coimbatore South, Coimbatore
Listed on Adzuna IN (it-jobs), posted 13h ago

Job Description

SOC Analyst (L1/L2)

- Company: CyboSec Technologies Pvt. Ltd.
- Department: Cybersecurity Operations
- Location: Coimbatore, Tamil Nadu (On-site)
- Employment Type: Full-Time
- Experience: 2–4 Years
- Shift Schedule: Flexibility to work in 24/7 rotational shifts (including night and weekend rotations)
- Salary: As per industry standards (commensurate with experience and domain expertise)

About CyboSec

CyboSec Technologies is a rapidly growing cybersecurity company delivering enterprise-grade Security Operations Center (SOC), Managed Detection & Response (MDR), Endpoint Security, Cloud Security, Vulnerability Management, and Incident Response services to organizations globally. We are seeking a skilled, analytical, and highly motivated SOC Analyst (L1/L2) to join our core cybersecurity operations team in Coimbatore and protect our customers from a rapidly evolving threat landscape.

Job Summary

The SOC Analyst will be responsible for real-world monitoring, investigation, and defensive response to security alerts and incidents across customer environments. Operating within a 24/7 environment, you will handle initial alert triage (L1) as well as deeper analysis, root-cause investigation, and containment execution (L2). This role offers an exceptional opportunity to work directly with advanced, enterprise-grade defensive security technologies in a fast-paced managed security ecosystem.

Key Responsibilities

- Real-time Monitoring: Actively monitor, analyze, and correlate security events and alerts coming from SIEM, EDR/XDR, firewalls, and cloud security platforms.
- Incident Investigation (L1/L2): Investigate suspicious activities and threat indicators. Act as an escalation point for complex alerts requiring deep-dive log analysis.
- Triage & Containment: Execute incident response playbooks to triage, contain, isolate, and remediate validated security incidents to minimize client impact.
- Log Analysis: Dissect endpoint, network, application, and system audit logs to reconstruct attack timelines and identify root causes.
- Proactive Threat Hunting: Conduct routine, proactive threat-hunting exercises using threat intelligence feeds and behavioral indicators.
- Playbook Optimization: Support the engineering team in tuning SIEM alert rules, optimizing SOC playbooks, and reducing false positives.
- Reporting & Documentation: Document comprehensive incident timelines, draft post-incident reports, and maintain updated internal security documentation.
- Client Collaboration: Communicate clearly and professionally with clients during critical security incidents, guiding them through remediation steps.

Required Skills & Qualifications

- Experience: 2–4 years of hands-on experience working inside a production Security Operations Center (SOC) or Managed Security Services (MSSP) environment.
- Incident Response: Strong knowledge of the incident response lifecycle (NIST/SANS frameworks) and daily defensive security operations.
- Networking Foundations: Comprehensive understanding of core networking protocols (TCP/IP, DNS, HTTP/S, VPN, routing, switching) and firewall architectures.
- Threat Matrix Knowledge: Solid grasp of modern attack methodologies, including malware analysis, phishing mechanisms, ransomware execution, and living-off-the-land techniques.
- Frameworks: Practical experience mapping active threat actor behaviors to the MITRE ATT&CK framework and Cyber Kill Chain.
- OS Security: Deep familiarity with Windows, Linux, and Active Directory security architecture, logging mechanisms, and event IDs.
- Communication: Strong verbal and written communication skills, with an ability to document technical findings clearly for non-technical clients.

Preferred Technical Toolset

Direct, practical experience with one or more of the following platforms will be highly prioritized:

- SIEM Platforms: Microsoft Sentinel, Splunk, QRadar, Wazuh
- EDR/XDR Solutions: CrowdStrike, Sophos, SentinelOne, Microsoft Defender, Todyl Security Platform
- Cloud Security: AWS Security Hub, Microsoft Azure Security, GCP Security Command Center
- Assessment Tools: Nessus, Wireshark, Nmap, Burp Suite

Preferred Certifications

Possessing any of the following professional industry certifications is a strong advantage:

- CompTIA Security+ / CompTIA CySA+
- Certified SOC Analyst (CSA) / CEH (Certified Ethical Hacker)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- GIAC Certified Detection Analyst (GCDA) / GCIH
- Splunk Core Certified User / Analyst

Educational Background

- B.E. / B.Tech in Computer Science, Information Technology, or Cybersecurity.
- BCA / MCA / B.Sc. / M.Sc. in Computer Science.
- Equivalent specialized professional degree/diploma in Cybersecurity.

What We Offer

- Competitive salary package with structured performance rewards.
- Direct exposure to multi-tenant, enterprise cybersecurity architectures and live security incidents.
- Continuous professional certification support and training allowances.
- A transparent, learning-focused, and highly collaborative engineering environment.
- Accelerated career advancement opportunities into Threat Hunting, Incident Response leadership, or Security Architecture.
