
Security Operations Analyst
Posted 1 day ago
• Oversee and prioritize security alerts across SIEM, EDR, cloud security, identity, and additional platforms.
• Conduct initial investigations on escalated incidents, gathering and correlating evidence from various log sources.
• Implement containment and remediation measures according to established escalation thresholds.
• Ensure precise and timely documentation within the incident tracking system.
• Contribute to the development and tuning of YARA-L rules in Chronicle/Google SecOps.
• Aid in the maintenance of CrowdStrike Falcon IOA and prevention policies.
• Analyze and respond to SOCRadar threat intelligence feeds, correlating IOCs with internal telemetry.
• Identify detection deficiencies and suggest enhancements for coverage.
• Assess cloud security findings from different environments.
• Investigate identity anomalies, including unusual login behaviors and attempts to bypass MFA.
• Support cloud incident response investigations through log analysis.
• Create and update SOC runbooks and triage playbooks.
• Engage in knowledge transfer during shift transitions.
• Assist with security activities related to compliance.
• 2–4 years of experience in SOC, incident response, or security operations.
• Bachelor's degree (B. Tech) from a Tier 1 or Tier 2 institution.
• Practical experience with a SIEM platform (e.g., Chronicle, Splunk, Sentinel, or similar).
• Familiarity with EDR tools (CrowdStrike Falcon preferred).
• Basic understanding of cloud security concepts in AWS or GCP.
• Knowledge of identity threat patterns, including credential stuffing, MFA fatigue, and account takeovers.
• Ability to read and interpret various logs: authentication, network, endpoint, and cloud audit trails.
• Strong written communication skills for clear and concise incident documentation and escalation summaries.
• Exposure to CSPM/CWPP platforms.
• Familiarity with different log schemas.
• Proficiency in scripting with Python or similar for basic automation and log parsing.
• Relevant certifications such as CompTIA Security+, CySA+, GCIH, GCIA, or equivalent.
• AlphaSense is an equal-opportunity employer.
• Reasonable accommodations for qualified employees with disabilities.