SENIOR ENGINEER - SOC Monitoring

Accepting applications

Happiest Minds Technologies · Bengaluru, Karnataka, India

Full-Time · Mid-senior · Python · SOC
Estimated market salary
₹25-44 LPA

This is a SiliconBoard market estimate, not an employer-posted salary.

Posted
11 Jun
Category
Design
Experience
Mid-senior
Country
India
Job Description:
SOC Incident Response + Threat Intelligence / Threat Hunting (L2)
Position Title
L2 Security Analyst SOC Incident Response, Threat Intelligence & Threat Hunting
Experience
4 to 6 years in Cyber Security Operations, Incident Response, Threat Intelligence, and Threat Hunting
Location
Flexible / Hybrid / Onsite
Role Summary
We are looking for an experienced L2 SOC Security Analyst with strong expertise in Incident Response (IR), Threat Intelligence (TI), and proactive Threat Hunting. The candidate will act as a senior escalation point for high-severity security incidents, conduct advanced investigations, develop threat hunting hypotheses, and provide actionable intelligence to improve the organization's overall security posture.
The role requires hands-on expertise across SIEM, EDR/XDR, network security monitoring, malware analysis, threat intelligence platforms, and cloud security monitoring.
Key Responsibilities
Incident Response & Security Operations
Lead investigation and response activities for complex security incidents including:
Ransomware
Advanced Persistent Threats (APT)
Insider threats
Credential compromise
Web application attacks
Cloud security incidents
Data exfiltration
Lateral movement
Privilege escalation
Perform advanced triage and root cause analysis using:
SIEM
EDR/XDR
Network telemetry
Threat intelligence feeds
Cloud logs
Endpoint forensics
Handle L2 escalations from L1 SOC analysts.
Conduct incident containment, eradication, and recovery coordination.
Develop and improve:
Incident response playbooks
Detection use cases
Correlation rules
SOC runbooks
Automation workflows
Coordinate with infrastructure, cloud, application, and business teams during major incidents.
Prepare executive and technical incident reports with actionable recommendations.
Threat Intelligence Responsibilities
Monitor and analyze cyber threat intelligence from:
Commercial TI platforms
Open-source intelligence (OSINT)
Government/CERT advisories
Dark web monitoring
Vendor threat reports
Enrich alerts with Indicators of Compromise (IOCs), TTPs, malware intelligence, and adversary attribution.
Map adversary activities to:
MITRE ATT&CK
Cyber Kill Chain
Diamond Model
Analyze emerging threats, zero-days, ransomware campaigns, and targeted attack trends.
Provide strategic and operational threat advisories to SOC and leadership teams.
Create threat intelligence reports, executive summaries, and threat landscape assessments.
Threat Hunting Responsibilities
Conduct proactive threat hunting using hypothesis-driven methodologies.
Hunt for:
Persistence mechanisms
Beaconing activity
Credential dumping
Living-off-the-land (LOLBins)
Command & Control (C2)
Suspicious PowerShell activity
Lateral movement
Cloud anomalies
Use telemetry from:
SIEM
EDR/XDR
DNS
Proxy
Firewall
Identity systems
Cloud platforms
Develop custom queries and analytics for detecting stealthy attacker behavior.
Identify detection gaps and recommend logging improvements.
Convert hunt findings into production-grade detection use cases.
Required Technical Skills
SIEM & Security Monitoring
Strong hands-on experience with one or more:
IBM QRadar
Microsoft Sentinel
Splunk Enterprise Security
ArcSight
LogRhythm
EDR/XDR Technologies
Experience with:
CrowdStrike Falcon
Microsoft Defender for Endpoint
SentinelOne
Palo Alto Cortex XDR
Threat Intelligence Platforms
Experience with:
Recorded Future
Anomali ThreatStream
MISP
ThreatConnect
Cloud & Infrastructure Security
Knowledge of:
Amazon Web Services security monitoring
Microsoft Azure security services
Google Cloud Platform logging and detections
Identity security and IAM monitoring
Container/Kubernetes security basics
Investigation & Analysis Skills
Malware triage and behavioral analysis
Windows/Linux forensic analysis
Memory and disk artifact analysis
Packet analysis using Wireshark
Threat actor TTP analysis
IOC enrichment and validation
Scripting & Automation
Good knowledge of:
Python
PowerShell
KQL
SPL
Regex
API integrations
SOAR automation
Desired Certifications
Preferred certifications include:
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Intrusion Analyst (GCIA)
Certified Threat Intelligence Analyst (CTIA)
EC-Council Certified Ethical Hacker (CEH)
ISC2 CISSP
Security vendor certifications
Key Competencies
Strong analytical and investigative mindset
Excellent communication and stakeholder management
Ability to work during high-pressure incidents
Deep understanding of attacker methodologies
Strong documentation and reporting capability
Mentoring and guidance for junior analysts
Ability to independently lead investigations
Preferred Exposure
MDR/MSSP environment
Healthcare / BFSI / Critical infrastructure domains
Threat hunting frameworks
Purple team exercises
MITRE ATT&CK-based detection engineering
SOAR platforms and automation
Cloud-native SOC operations
Typical Deliverables
Incident investigation reports / RCA
Threat intelligence advisories
Hunting reports and findings
Detection use cases
IOC/TTP repositories mapped to MITRE ATT&CK
Executive risk summaries
Threat landscape assessments
SOC maturity improvement recommendations
Presentation skills
Communication skills