Saviynt

SOC Analyst II

Bengaluru
Full Time
Mid Level


Full Job Description

Saviynt is building a next-generation Security Operations Center (SOC) for the cloud-first era, moving beyond traditional reactive methods to create an intelligent, automated SOC powered by deep cloud security expertise to combat advanced threats.

We are seeking a motivated and detail-oriented L2 SOC Analyst to join our 24/7 operations team. This is a hands-on role for an analyst who excels at investigating complex alerts, leverages automation for accelerated response, and has a passion for cloud security. You will be the primary point of contact for in-depth analysis, validating, investigating, and containing threats escalated from L1 analysts.

Please note: This is a 24/7 operational role with the SOC team working in three rotating shifts (morning, afternoon, and night) to ensure continuous monitoring and response.

What You Will Be Doing

Incident Triage & Investigation

  • Serve as the primary escalation point for alerts triaged by L1 analysts and automated systems.
  • Conduct detailed analysis of security alerts from various sources including SIEM, EDR, CSPM, and cloud-native tools to validate threats and determine their scope.
  • Investigate security incidents within our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a comprehensive understanding of attacker activity.
  • Perform deep-dive analysis of logs, network packets, and endpoint data to identify Indicators of Compromise (IOCs).

Incident Response & Automation

  • Execute and tune automated response playbooks using our SOAR platform for common security incidents.
  • Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
  • Utilize and modify existing scripts (primarily Python) to facilitate automated evidence collection and enrichment.
  • Document all investigation steps, findings, and containment actions within our incident management system.

Threat Hunting & Cloud Monitoring

  • Participate in guided threat hunting campaigns driven by new threat intelligence or hypotheses from senior analysts.
  • Actively monitor and analyze security logs from cloud-native tools such as AWS GuardDuty, CloudTrail, Cloudflare, and Azure.
  • Assist in tuning detection rules and identifying false positives to improve the fidelity of our security alerts.

Continuous Improvement & Collaboration

  • Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
  • Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
  • Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.

What You Bring

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
  • Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
  • 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
  • Cloud Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP).
  • Technical Expertise: Strong, hands-on experience with SIEM (e.g., Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
  • Automation Familiarity: Experience using a SOAR platform and familiarity with scripting (Python preferred) for basic automation or analysis tasks.
  • Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.

Why Join Us

  • Be at the forefront of a modern, cloud-focused Security Operations Center.
  • Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies.
  • A clear career path for growth into L3, threat hunting, or automation engineering roles.
  • Collaborate with world-class security and engineering leaders in a high-impact, operational role.

Company

Saviynt
Saviynt is a leading identity authority platform designed to empower and secure organizations in the modern workplace. In an era of rapid digital transformation, where cybersecurity risks are escalati...
