Security Analyst (L2 – Triage & Investigation)

Innspark

0 - 3 years

Delhi

Posted: 07/03/2026

Job Description

Job Title: Security Analyst (L2 Triage & Investigation)

Department: Security Operations Center (SOC)

Location: Delhi

Shift Model: 24x7 Operations

Only candidates from in and around Delhi are preferred.

Role Overview

The Security Analyst (L2 Triage & Investigation) is responsible for advanced alert triage, cross-platform correlation, structured threat hunting, and detailed incident investigations within the SOC. This role acts as the analytical bridge between L1 monitoring and L3 threat leadership, ensuring accurate detection validation, attack narrative reconstruction, and timely remediation aligned with regulatory requirements such as CERT-In directives.


Key Responsibilities

  1. Perform detailed triage and investigation of escalated security events from L1, correlate alerts across SIEM, UEBA anomaly scores, NDR flow data, Deception triggers, and ASM exposure findings to determine true positive incidents with full attack narrative.
  2. Execute established SOAR playbooks for incident containment, enrichment, and response actions; identify gaps in automation coverage and propose new playbook requirements to L3 leads with documented use cases and expected efficiency gains.
  3. Conduct structured threat hunting campaigns on a weekly rotation using SIEM queries, UEBA deviation analysis, NDR traffic inspection, and Deception telemetry to identify threats that bypass automated detection; document all hunts with hypothesis, methodology, and findings.
  4. Maintain and tune detection rules, UEBA behavioural models, and NDR baseline policies within defined parameters; track false positive rates, alert fidelity scores, and mean-time-to-investigate; escalate tuning recommendations beyond threshold to L3.
  5. Produce detailed incident investigation reports for every confirmed incident including IOCs, affected assets, timeline, impact assessment, and remediation verification within SLA timelines defined by CERT-In severity classification.
  6. Actively monitor Attack Surface Management findings; validate exposed assets, assess vulnerability context against threat intelligence, and coordinate remediation tracking with IT operations teams.


Required Qualifications

  • B.Tech / B.E. in Computer Science, IT, Information Security, or Cybersecurity.


Experience Requirement

  • Minimum 4 years of hands-on experience in a SOC environment performing alert triage, incident investigation, and threat analysis.


Technical Skill Requirements

  • Working proficiency across all six SOC platforms.
  • Ability to pivot between SIEM log searches, UEBA anomaly dashboards, NDR packet/flow analysis, Deception alert triage, and ASM exposure reports during a single investigation workflow.
  • Strong knowledge of network protocols (TCP/IP, DNS, HTTP/S, SMB, Kerberos), operating system internals (Windows Event Logs, Linux audit logs, Active Directory), and common attack frameworks (MITRE ATT&CK, Cyber Kill Chain).
  • Experience with scripting/automation (Python, PowerShell, KQL/SPL) for investigation acceleration, IOC extraction, and bulk data analysis.


Company Website: https://innspark.in/