SOC Analyst L1

We are seeking a Security Operations (SecOps) Analyst (L1) with 3-5 years of experience for our Gurgaon, Haryana, India location. This role requires immediate joining and involves rotational shifts (24x7, 5 on 2 off).

As part of Rackspace Cyber Defence, you will be instrumental in protecting our customers' on-premises, private cloud, public cloud, and multi-cloud environments against evolving cyber threats. Your primary responsibilities will include detecting, analyzing, and responding to security alerts, triaging incidents, and liaising with customer stakeholders.

Key Accountabilities:

• Ensure customer environments remain secure by timely threat detection and resolution.
• Analyze, handle, and escalate alerts from cloud-native SIEM platforms.
• Conduct preliminary investigations, act according to knowledge base, and identify false positives.
• Follow SLA notification processes based on alert severity and create tickets in the customer's ITSM system.
• Update runbooks, playbooks, and knowledge base documents.
• Share SLA details for weekly and monthly reports.
• Provide data for use case creation, detection engineering, and threat detection tuning.
• Identify critical customer assets using technical tools and interviews.
• Utilize and enhance relevant technology tooling for security policy enforcement.
• Leverage threat intelligence platforms and OSINT to understand the latest threats and adversary TTPs.
• Automate security processes to enhance monitoring capabilities.
• Ensure vulnerabilities are resolved within agreed SLA times.
• Maintain strong working relationships with incident response, disaster recovery, and information security teams.
• Willingness to work in a 24/7 rotational shift environment.

Skills & Experience:

• 3-5 years of experience as a Security Operations Analyst/Engineer.
• Experience with large-scale public cloud environments and cloud-native security monitoring tools such as Microsoft Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud.
• Experience with Endpoint Detection & Response (EDR) tools (e.g., Crowdstrike, Microsoft Defender for Endpoint).
• Familiarity with firewalls and network security tools (e.g., Palo Alto, Fortinet, Juniper, Cisco).
• Experience with Web Application Firewall (WAF) tools (e.g., Cloudflare, Akamai, Azure WAF).
• Knowledge of Email Security tools (e.g., Proofpoint, Mimecast, Microsoft Defender for Office).
• Familiarity with Data Loss Prevention (DLP) tools (e.g., Microsoft Purview, McAfee, Symantec).
• Nice to have: GCP security tools (Chronicle, Security Command Centre), AWS security tools (Security Hub, Guard Duty, Macie, Config, CloudTrail).
• Experience analyzing malware and email headers; skills in network security, intrusion detection/prevention systems, operating systems, risk and threat identification/analysis, and log analysis.
• Knowledge of security controls (network access, IAAM, IDS/IPS).
• Understanding of security standards like NIST, ISO27001, CIS, OWASP, and CCM.
• Knowledge of scripting/coding (Terraform, Python, JavaScript, Go, Bash, PowerShell).
• Knowledge of DevOps practices (CI/CD, Azure DevOps, CircleCI, GitHub Actions, Ansible, Jenkins).
• A Computer Science, Engineering, or IT-related degree is preferred but not strictly required.
• Relevant certifications (e.g., CISSP, AZ500, SC-200, CREST, SSCP, CCSP, GCIH, GSOC) are a plus.
• Highly self-motivated, proactive, detail-oriented, and a strong problem-solver with a passion for learning and growth in security operations, programming, and security architecture.
• Ability to prioritize, multitask, and work under pressure.
• A commitment to delivering exceptional customer experiences.

Join Rackspace Technology, a leader in multicloud solutions, and be part of a team that embraces technology, empowers customers, and shapes the future.