Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Premium Employer

Infinite Computer Solutions

Compare

3.4

based on 1.5k Reviews

144 Infinite Computer Solutions Jobs

Specialist

Infinite Computer Solutions India Pvt. Ltd.

3.4

based on 1.5k Reviews

8-13 years

Bangalore / Bengaluru

1 vacancy

Specialist

Infinite Computer Solutions

posted 3hr ago

Job Role Insights

Flexible timing

Key skills for the job

Data Analysis Automation Testing Linux Administration Analytical Chemistry Windows System Administration Data Collection

+ 4 more

Job Description

Job Description

Tier 2 SOC Analyst
A Tier 2 SOC Analyst serves as a critical escalation point and deeper investigation resource within the SOC structure. They are expected to possess a more advanced skillset and broader knowledge base than Tier 1 analysts, allowing them to handle more complex security incidents and contribute to proactive security measures. Principal Duties and Responsibilities

Incident Investigation and Analysis
- Advanced Alert Triage and Analysis:
  - In-depth Investigation: Thoroughly investigate security alerts escalated from Tier 1 or directly generated by security tools. Go beyond initial triage and reconstruct event timelines, analyze logs across multiple systems, and correlate disparate data points.
  - Contextualization: Deeply understand the context of security incidents, including aEected assets, business impact, and potential attack vectors.
  - False Positive/Negative Analysis: Accurately diEerentiate between true positives, false positives, and potential false negatives. Analyze the root cause of false positives and propose tuning or improvement of detection rules. Investigate scenarios where detections might have been missed.
  - Determine Scope and Impact: Precisely define the scope of security incidents, including the number of systems aEected, data compromised, and potential business disruption. Assess the immediate and long-term impact of the incident.
  - Containment and Remediation Guidance: Provide actionable guidance to Tier 1 analysts and relevant teams (e. g. , IT, system administrators) on immediate containment steps and initial remediation actions based on the nature of the incident.
- Complex Security Incident Handling:
  - Lead Investigations for Complex Incidents: Take the lead in investigating more complex security incidents, such as suspected advanced persistent threats (APTs), sophisticated malware outbreaks, or significant data breaches.
  - Malware Analysis: Conduct basic malware analysis, including analysis of malware sandbox reports, identify indicators of compromise (IOCs), and determine its capabilities and potential impact.
  - Network Forensics: Perform network traEic analysis using tools like Wireshark or tcpdump to identify malicious network activity, analyze protocols, reconstruct network sessions, and extract relevant artifacts.
  - Endpoint Forensics: Utilize endpoint detection and response (EDR) tools and perform manual endpoint analysis to investigate compromised systems, analyze process execution, registry modifications, file system changes, and identify malicious artifacts.
  - Log Analysis: Perform log analysis across diverse systems and security devices (SIEM, firewalls, IDS/IPS, operating systems, applications). Develop complex queries and correlations to identify subtle indicators of malicious activity.
- Incident Documentation and Reporting o Detailed Incident Documentation: Create comprehensive incident reports documenting the entire investigation process, findings, analysis, containment steps, remediation actions, and lessons learned. Reports should be clear, concise, and actionable.
  - Develop Actionable Recommendations: Based on incident analysis, develop specific and actionable recommendations for improving security posture, enhancing detection capabilities, and preventing future incidents.
  - Incident Timeline Creation: Construct detailed timelines of security incidents, accurately mapping out the sequence of events to understand the attack lifecycle and identify critical points of compromise.
Threat Intelligence and Proactive Security
- Threat Intelligence Utilization:
  - Consume and Integrate Threat Intelligence: Actively consume threat intelligence feeds, reports, and briefings to stay updated on emerging threats, attack trends, and threat actor tactics, techniques, and procedures (TTPs). Integrate threat intelligence into investigations and detection strategies.
  - Contextualize Threats with Intelligence: Use threat intelligence to contextualize security incidents, identify potential threat actors involved, and understand their motivations and capabilities.
  - Proactive Threat Hunting: Participate in basic to intermediate threat hunting activities based on threat intelligence, anomaly detection, and observed patterns of malicious activity. Develop and execute hunt plans to proactively identify hidden or persistent threats within the environment.
- Detection Engineering and Improvement o Detection Rule Tuning and Optimization: Analyze false positive/negative incidents and proactively tune and optimize existing detection rules in security tools (SIEM, IDS/IPS, EDR) to improve detection accuracy and reduce alert fatigue.
  - Detection Gap Analysis: Identify gaps in current detection coverage based on threat intelligence, incident trends, and known attacker TTPs. Propose new detection rules and strategies to address these gaps.
  - Develop New Detections (Under Guidance): Contribute to the development of new detection rules and logic under the guidance of senior analysts or detection engineers, based on emerging threats and identified gaps.
Tooling, Technology, and Technical Proficiency
- Advanced Security Tool Proficiency:
  - SIEM Expertise: Proficiently utilize SIEM platforms for alert analysis, log investigation, correlation rule development, and report generation. Understand SIEM architecture and data flow.
  - EDR Expertise: Expertly leverage EDR tools for endpoint investigation, threat hunting, containment actions, and forensic data collection.
  - IDS/IPS Expertise: Understand IDS/IPS principles, analyze alerts, review signatures, and contribute to rule tuning.
  - Firewall Analysis: Analyze firewall logs, understand firewall rule sets, and use firewalls for containment actions.
- Scripting and Automation (Desirable, Increasingly Important):
  - Scripting Skills (e. g. , Python, PowerShell): Develop scripts for automating repetitive tasks, data analysis, and tool integration. IV. Collaboration, Communication, and Escalation
- Collaboration with Tier 1 and Other Teams: EEectively collaborate with Tier 1 analysts, providing guidance, mentorship, and knowledge transfer. Work collaboratively with other teams (IT, Engineering, Incident Response Team) as needed during incident response.
- Clear and Concise Communication: Communicate technical findings and analysis clearly and concisely to both technical and non-technical audiences (e. g. , management, other teams).
- EUective Escalation to Tier 3/Incident Response Team: Know when and how to appropriately escalate complex or high-severity incidents to Tier 3 analysts or the Incident Response Team, providing comprehensive context and analysis.

Level of Depth and Technical Proficiency:

- Deeper Technical Understanding: Tier 2 analysts require a deeper technical understanding of operating systems (Windows, Linux), networking protocols, security controls, and attack methodologies compared to Tier 1.
- Strong Analytical and Problem-Solving Skills: They must possess strong analytical and problem-solving skills to dissect complex security incidents, identify root causes, and develop eEective solutions.
- Hands-on Experience: They should have demonstrable hands-on experience with security tools and technologies and be comfortable performing detailed technical investigations.

Knowledge of Threat Actor Tools, Tactics, and Behavior:

- Solid Understanding of TTPs: Tier 2 analysts must have a solid understanding of common threat actor tactics, techniques, and procedures (TTPs) across diEerent attack stages (reconnaissance, initial access, persistence, lateral movement, exfiltration, etc. ).
- Familiarity with Threat Actor Groups: They should be familiar with common threat actor groups (APTs, cybercrime gangs) and their associated TTPs and tools.
- Knowledge of Attack Vectors and Exploits: Understanding common attack vectors (phishing, malware, web application attacks) and exploit methods is crucial for contextualizing incidents and identifying potential vulnerabilities.
- Staying Updated on Emerging Threats: Tier 2 analysts must continuously stay informed about new and emerging threats, vulnerabilities, and attack trends to maintain eEective detection and response capabilities.