Security Analyst II

Gruve is seeking a highly skilled Security Analyst (Level 2) to join our Managed Security Service Provider (MSSP) Security Operations Center (SOC) team in Pune. This role is crucial for maintaining and enhancing our clients' cybersecurity posture.

Key Responsibilities

• Threat Detection and Response: Analyze and investigate security alerts, events, and incidents from SIEM, XDR, and EDR solutions.
• Incident Investigation and Handling: Conduct in-depth investigations, assess impact, and implement appropriate response actions for security incidents.
• Incident Escalation and Communication: Escalate critical incidents to Level 3 analysts or senior security teams, ensuring detailed documentation.
• Content Management: Develop and fine-tune correlation rules, use cases, and alerts within SIEM/XDR platforms to enhance detection accuracy.
• Malware Analysis: Perform basic malware analysis and forensic investigations to identify and understand threats.
• Customer Request Handling: Collaborate with clients to address security concerns, provide expert recommendations, and respond to inquiries.
• SIEM Administration: Support the administration and maintenance of SIEM tools such as Splunk or QRadar, ensuring operational efficiency.
• Automation and Playbooks: Leverage Python scripting for automation, troubleshooting, and the development of SOC playbooks to improve efficiency.
• Reporting and Documentation: Prepare comprehensive reports on security incidents, observed trends, and recommended mitigation strategies.

Basic Qualifications

• Bachelor of Engineering/Technology in Computer Science, Information Technology, or a Master's in Cybersecurity.
• Minimum of 3 years of experience in a SOC or cybersecurity operations role.
• Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
• Hands-on experience in threat detection, security monitoring, and incident response.
• Understanding of network security, intrusion detection, malware analysis, and forensics.
• Basic experience in SIEM administration, including log ingestion, rule creation, and dashboard management.
• Proficiency in Python scripting for automation and playbook development.
• Good understanding of the MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence principles.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work in a 24x7 SOC environment (if applicable).

Preferred Qualifications

• Certified SOC Analyst (CSA)
• Certified Incident Handler (GCIH, ECIH)
• Splunk Certified Admin / QRadar Certified Analyst
• CompTIA Security+ / CEH / CISSP (preferred but not mandatory)