cantellat solutions

IDS - Security Operations Engineer (SOC)

Job Description

Location: Pune

*Fortinet IDS platforms and SIEM (Splunk) experience is mandatory.*

Requirements:

Years of work experience: 5 year(s)

Key Responsibilities:

Level 1 (L1) – IDS Operations

Provide 24x7 monitoring of IDS alerts using monitoring and SIEM tools

Perform initial alert triage and validation, distinguishing false positives from genuine security events

Execute basic investigation and checks using approved runbooks and standard operating procedures (SOPs)

Acknowledge, log, and track incidents in ITSM tools in line with operational processes

Apply pre-approved standard actions (e.g., alert suppression, authorised service restarts)

Escalate incidents to L2 teams with complete and accurate contextual information, including findings and actions taken

Level 2 (L2) – IDS Engineering & Advanced Operations

Conduct in-depth investigation of IDS alerts and incidents escalated from L1

Validate, analyze, and resolve complex IDS events

Perform IDS rule and signature analysis, tuning configurations to reduce false positives while maintaining detection effectiveness

Troubleshoot issues related to blocked traffic, IDS signatures, and policy mismatches

Implement standard IDS changes through approved change management processes

Support problem management activities, including root cause analysis (RCA) and remediation recommendations

Required Skills & Experience:

Strong understanding of network security and intrusion detection concepts

Experience working with Fortinet IDS platforms, monitoring tools, and SIEM (Splunk) solutions

Familiarity with incident management, ITSM tools, and escalation processes

Ability to follow and execute runbooks, SOPs, and operational procedures

Strong analytical and troubleshooting skills

Clear written and verbal communication, especially during incident escalation

Preferred Attributes:

Experience operating in a 24x7 security operations environment

Exposure to rule tuning, policy management, and alert optimization

Experience contributing to RCA and problem management processes

Ability to collaborate effectively across security and engineering teams

Language skills (must have):

English Native or bilingual proficiency

Job ID: 148442291