Protera Technologies
Posted 1 day ago on LinkedIn

SOC Analyst

India
Remote
Mid Level

Full Job Description

Protera Technologies is seeking a vigilant SOC Analyst to join our dynamic cybersecurity team. This role is crucial for maintaining our organization's security posture through continuous monitoring, proactive threat detection, and efficient incident response. Leveraging technologies such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Network Detection and Response (NDR), File Integrity Monitoring (FIM), and Next-Generation Antivirus (NGAV), you will identify and neutralize security threats in real time. A key aspect of this position involves contributing to the design and implementation of automated playbooks using Security Orchestration, Automation, and Response (SOAR) platforms to enhance SOC efficiency and streamline response workflows. You will collaborate closely with cross-functional teams to refine detection strategies, improve operational processes, and ensure robust defenses against an ever-evolving threat landscape.

Key Responsibilities:

  • Threat Monitoring & Detection: Analyze security alerts from SIEM, EDR, NDR, FIM, and Antivirus platforms to identify potential threats. Perform correlation and pattern analysis across various data sources to detect anomalies and sophisticated attack behaviors. Continuously tune and optimize detection rules to minimize false positives and enhance accuracy.
  • Incident Response & Management: Execute all phases of the incident response lifecycle, including triage, containment, eradication, and recovery, following the NIST SP 800-61 incident handling process. Thoroughly document incidents, detailing root cause analysis, attack vectors, and corrective actions. Support post-incident reviews to identify security control gaps and propose improvements.
  • Playbook Development & Automation: Develop, maintain, and enhance incident response playbooks and runbooks for standardized handling of recurring alerts. Collaborate with senior analysts to build SOAR playbooks for automated data enrichment, containment, and notification processes. Align playbooks with MITRE ATT&CK and Cyber Kill Chain frameworks for comprehensive adversarial tactic coverage.
  • Vulnerability & Risk Management: Conduct regular vulnerability assessments and coordinate with IT teams for timely remediation. Evaluate system configurations and network architecture for potential risks, ensuring adherence to secure baselines. Track and report on vulnerability remediation metrics.
  • Security Tooling & Integration: Manage and optimize EDR, SIEM, SOAR, FIM, NDR, and Antivirus tools for operational readiness. Integrate data sources and automate workflows between platforms to improve incident visibility and response times. Provide input on the design and deployment of new security solutions.
  • File Integrity & Endpoint Protection: Monitor FIM systems for unauthorized modifications in critical files and directories. Analyze and respond to Antivirus/NGAV alerts to prevent and contain endpoint infections. Validate cleanup and verify system integrity post-remediation.
  • Network Detection & Threat Intelligence: Utilize NDR tools to identify lateral movement, command-and-control (C2) traffic, and data exfiltration attempts. Integrate Threat Intelligence Feeds (STIX/TAXII) for enhanced situational awareness and detection context. Conduct proactive threat hunting based on known Tactics, Techniques, and Procedures (TTPs).
  • Reporting & Compliance: Generate detailed reports and dashboards on incident metrics, trends, and SOC performance (e.g., MTTD, MTTR, volume by category). Ensure compliance with standards such as ISO 27001, SOC 2, GDPR, HIPAA, and NIST CSF. Support audits and assist in evidence gathering for compliance activities.
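As an added illustration of the correlation and rule-tuning work described under Threat Monitoring & Detection above, here is a small SIEM-style correlation rule written for this page (it is example code, not Protera's or any vendor's). It flags a source that produces a burst of failed logins inside a sliding window and then authenticates successfully, tags the alert with the MITRE ATT&CK Brute Force technique (T1110), and shows the usual tuning controls an analyst adjusts to cut false positives: the failure threshold, the window length, and a suppression list for known noisy sources. The event field names, the thresholds, the sample telemetry and the scanner address 10.0.0.250 are all assumptions constructed for the example.

```python
"""Correlation rule: failed-login burst followed by a success from the same source.

Example written for this page; not Protera's code. Event schema, thresholds and
sample data are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- Tuning knobs an analyst would adjust to reduce false positives -----------
WINDOW = timedelta(minutes=5)   # failures must fall inside this sliding window
FAIL_THRESHOLD = 5              # at least this many failures before the success
# Sources known to generate benign failures (assumed: an internal scanner).
SUPPRESSED_SOURCES = {"10.0.0.250"}


def _ev(ts, src, user, outcome):
    """Build one constructed authentication event (assumed field names)."""
    return {"ts": ts, "src": src, "user": user, "outcome": outcome}


# Constructed sample telemetry; not taken from any real system.
SAMPLE_EVENTS = [
    # 10.0.0.5: six failures in 2.5 minutes, then a success -> should alert
    *[_ev(f"2024-05-01T09:0{m}:{s}", "10.0.0.5", "alice", "fail")
      for m in (0, 1, 2) for s in ("00", "30")],
    _ev("2024-05-01T09:03:00", "10.0.0.5", "alice", "success"),
    # 10.0.0.7: two failures, then a success -> under threshold, no alert
    _ev("2024-05-01T09:09:00", "10.0.0.7", "bob", "fail"),
    _ev("2024-05-01T09:09:20", "10.0.0.7", "bob", "fail"),
    _ev("2024-05-01T09:10:00", "10.0.0.7", "bob", "success"),
    # 10.0.0.9: six failures one every 4 minutes, then a success ->
    # only two fall inside the 5-minute window, no alert
    *[_ev(f"2024-05-01T09:{m:02d}:00", "10.0.0.9", "carol", "fail")
      for m in (0, 4, 8, 12, 16, 20)],
    _ev("2024-05-01T09:21:00", "10.0.0.9", "carol", "success"),
    # 10.0.0.250: assumed internal scanner that fails constantly and then
    # authenticates with its service account -> suppressed by tuning
    *[_ev(f"2024-05-01T09:30:{s:02d}", "10.0.0.250", "svc-scan", "fail")
      for s in range(0, 50, 5)],
    _ev("2024-05-01T09:31:00", "10.0.0.250", "svc-scan", "success"),
]


def _parse(event):
    return (datetime.fromisoformat(event["ts"]), event["src"],
            event["user"], event["outcome"])


def correlate(events, window=WINDOW, threshold=FAIL_THRESHOLD,
              suppressed=SUPPRESSED_SOURCES):
    """Return one alert per source whose success was preceded by >= threshold
    failures within `window`. Events are processed in timestamp order."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, src, user, outcome = _parse(ev)
        if src in suppressed:       # tuned-out source: skip entirely
            continue
        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()
        if outcome == "fail":
            recent.append(ts)
        elif outcome == "success" and len(recent) >= threshold:
            alerts.append({
                "src": src,
                "user": user,
                "failures_in_window": len(recent),
                "first_fail": recent[0].isoformat(),
                "success_at": ts.isoformat(),
                "attack_technique": "T1110",   # MITRE ATT&CK: Brute Force
                "severity": "high",
            })
            recent.clear()          # one alert per burst, not per success
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Running the rule over the constructed events yields a single alert for 10.0.0.5; disabling the suppression list (`correlate(SAMPLE_EVENTS, suppressed=set())`) adds the scanner as a second, false-positive alert, which is the kind of noise the tuning work in the responsibilities above is meant to remove. The sliding window is what keeps the slow trickle from 10.0.0.9 quiet; widening it is the usual trade-off when hunting low-and-slow password spraying.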

Requirements:

  • Experience: Minimum of 4 years in SOC operations, cybersecurity, or incident response.
  • Technical Expertise: Strong understanding of EDR, SIEM, SOAR, NDR, FIM, and Antivirus/NGAV platforms. Proven experience in writing playbooks, automating responses, and tuning detection logic. Familiarity with incident handling frameworks, threat hunting methodologies, and digital forensics.
  • Framework Knowledge: Proficient with MITRE ATT&CK, Cyber Kill Chain, NIST IR, and ISO 27001.
  • Certifications (Preferred): CompTIA Security+, CySA+, CEH, Microsoft SC-200, or equivalent.
  • Tools Exposure (Preferred):
    SIEM: Splunk, Microsoft Sentinel, QRadar, Elastic.
    EDR/NDR: CrowdStrike Falcon, Defender for Endpoint, SentinelOne, Darktrace, Corelight.
    FIM/AV: Tripwire, Qualys FIM, Trellix/McAfee, Sophos, Bitdefender.
    SOAR: Cortex XSOAR, Splunk SOAR, Microsoft Sentinel Automation.

Desired Candidate Profile:

  • Demonstrated experience in creating and maintaining incident response playbooks and runbooks.
  • Ability to perform threat hunting and in-depth investigations using EDR, NDR, and SIEM telemetry.
  • Knowledge of security automation, cloud-native security concepts, and network forensics.
  • Excellent communication and documentation skills, adaptable for both technical and executive audiences.
  • Proven ability to work effectively in high-pressure, time-sensitive environments while maintaining precision and accuracy.

Benefits:

  • Work from Home setup
  • Comprehensive medical benefits
  • Gratuity, PF, EPS and Bonus, NPS
  • Shift Allowances
  • On-call Allowance
  • Health and wellness Allowances
  • Learning and Development Allowances
  • No-questions-asked certification policy.
  • Certification Bounty Bonus.

Shift Timing: Rotational (24x7)

Company

Protera Technologies

Protera Technologies is a forward-thinking IT company established in 1998, specializing in guiding SAP-centric organizations through their cloud transformation journeys, particularly on platforms like...