SOC Analyst

Join KPMG Assurance and Consulting Services LLP as a Security Analyst specializing in Incident Monitoring & SIEM within our Security Operations Center (SOC) in Gurugram. This hybrid role focuses on the continuous monitoring, detection, analysis, and initial response to security incidents. You will leverage SIEM and security monitoring tools, requiring hands-on experience with platforms like Splunk, ArcSight, QRadar, RSA SA, Microsoft Sentinel, and CrowdStrike. A strong understanding of endpoint, network, and cloud security solutions is essential.

Key Responsibilities:

• Perform real-time security monitoring and analysis of alerts from SIEM tools.
• Investigate, analyze, and triage security events and incidents to determine severity, scope, and impact.
• Execute initial incident response activities, including containment, escalation, and documentation.
• Monitor and analyze alerts from EDR, Antivirus, Firewall, IPS, Deception, and other security tools.
• Identify false positives and fine-tune SIEM rules and alert thresholds.
• Adhere to and recommend improvements for incident response playbooks and SOPs.
• Escalate confirmed incidents to L2/L3 teams with clear analysis, evidence, and recommendations.
• Maintain accurate incident records in ticketing systems and prepare shift handover notes.
• Support compliance and audit requirements by maintaining logs, reports, and evidence.
• Collaborate with internal teams and stakeholders during security incidents.
• Participate in threat-hunting activities and proactive monitoring.

Required Skills & Technical Expertise:

SIEM & Monitoring:

• Hands-on experience with one or more SIEM platforms (Splunk, IBM QRadar, Micro Focus ArcSight, RSA Security Analytics, Microsoft Sentinel).
• Proficiency in log analysis, correlation rules, dashboards, and alerts.

Endpoint & Network Security:

• Strong understanding of EDR solutions (e.g., CrowdStrike, Defender ATP), Antivirus solutions, Firewalls, IDS/IPS, and Deception technologies.
• Knowledge of network protocols (TCP/IP, DNS, HTTP/HTTPS, SMTP, VPN).

Security Concepts:

• Understanding of cyber attack techniques (Phishing, Malware, Ransomware, Brute Force, Lateral Movement).
• Familiarity with the MITRE ATT&CK framework and the Incident Response lifecycle.
• Experience with Windows and Linux operating systems and logs.

Qualifications & Experience:

• Bachelor’s degree in Computer Science, Information Security, or a related field (preferred).
• Experience in SOC / Cyber Security Operations / Incident Monitoring.
• Mandatory experience working in 24x7 SOC environments.

Preferred Certifications (Good to Have):

• CompTIA Security+
• CEH
• GCIH
• Microsoft SC200
• Splunk / QRadar / ArcSight certifications

Soft Skills:

• Strong analytical and problem-solving skills.
• Ability to work under pressure and handle multiple incidents.
• Good verbal and written communication skills.
• Strong documentation and reporting abilities.
• Team player with a proactive mindset.