
Senior Security Analyst (L3 / Threat Lead)

Innspark

7 - 9 years

Delhi

Posted: 08/03/2026


Job Description

Job Title: Senior Security Analyst (L3 / Threat Lead)

Department: Security Operations Center (SOC) / CSIRT

Location: Delhi

Shift Model: 24x7 Operations

Candidates from in and around Delhi alone are preferred

Role Overview

The Senior Security Analyst (L3 / Threat Lead) serves as the highest technical escalation point within the SOC and leads advanced threat detection, incident response, and threat intelligence functions.

This role is responsible for investigating sophisticated cyber threats including APTs, nation-state campaigns, and multi-stage attack chains, while driving detection engineering maturity and strengthening organisational cyber resilience in alignment with regulatory frameworks including CERT-In directives.

Key Responsibilities

1. Advanced Incident Investigation & Escalation

  • Act as the final escalation point for all L1/L2 analyst escalations.
  • Conduct deep-dive investigations of advanced persistent threats (APTs), nation-state campaigns, and complex attack chains.
  • Correlate telemetry across SIEM, UEBA, NDR, Deception, and ASM platforms.
  • Lead containment, eradication, and recovery efforts for high-severity incidents.

2. Threat Hunting & MITRE ATT&CK Mapping

  • Conduct proactive threat hunting using hypothesis-driven, IOC-driven, and anomaly-based methodologies.
  • Map confirmed incidents to MITRE ATT&CK TTPs.
  • Identify detection gaps and enhance coverage across SOC platforms.
  • Develop advanced:
      • SIEM correlation rules
      • UEBA behavioral baselines
      • NDR anomaly signatures

3. End-to-End Incident Response Leadership

  • Lead investigations for incidents classified as CERT-In severity High and above.
  • Oversee:
      • Evidence preservation
      • Forensic artifact collection
      • Timeline reconstruction
      • Root cause analysis
  • Perform forensic analysis across memory, disk, and network artifacts.
  • Produce executive-level incident reports for leadership and regulatory stakeholders.

4. Detection Engineering Ownership

  • Own the full detection engineering lifecycle:
      • Design
      • Testing
      • Tuning
      • Optimization
      • Deprecation
  • Maintain measurable precision and recall metrics.
  • Develop and optimize:
      • SIEM rules
      • SOAR playbooks
      • UEBA models
      • NDR policies
      • Deception lure configurations
      • ASM discovery rules


5. Team Leadership & Capability Development

  • Mentor L1/L2 analysts through structured skill development programs.
  • Conduct:
      • Weekly case reviews
      • Tabletop exercises
      • Purple team simulations
  • Ensure team readiness against emerging threats, zero-day vulnerabilities, and India-specific threat actor TTPs.

6. Threat Intelligence & Stakeholder Reporting

  • Produce weekly and monthly threat intelligence briefs for CISO and executive leadership.
  • Maintain updated threat actor profiles relevant to the organization's industry.
  • Coordinate intelligence sharing with:
      • CERT-In
      • NCIIPC
      • Sector-specific ISACs
  • Provide strategic recommendations to improve security posture.

Required Qualifications

  • B.Tech / M.Tech in Computer Science, Information Security, or Cybersecurity.


Work Experience:

  • Minimum 7 years of experience in SOC/CSIRT operations.
  • At least 2 years in an L3 or Lead Analyst role within enterprise SOC environments.


Technical Expertise Requirements

  • Expert-level proficiency in MITRE ATT&CK framework mapping.
  • Strong threat hunting experience (hypothesis-driven, IOC-driven, anomaly-driven).
  • Hands-on detection content development across SIEM, UEBA, and NDR platforms.
  • Proven experience leading incident response for enterprise intrusions.
  • Advanced forensic analysis skills (memory, disk, network).
  • Experience with malware triage and reverse engineering fundamentals.
  • Strong SOAR playbook development and automation expertise.
  • Experience configuring Deception technologies (honeypots, honeytokens, breadcrumbs).


Company Website: https://innspark.in/
