Level 2 SOC Analyst (Cybersecurity) , Mumbai

Posted 7 hours ago

Job Description

About the Opportunity

We are a leading System Integrator and Managed Security Services provider, partnering with one of the region's most respected banking and financial services institutions to run their 24×7 Security Operations Centre. We are expanding our SOC team and are looking for an experienced Level 2 SOC Analyst to join us on this strategic engagement.

As an L2 analyst, you will be the escalation point for the L1 team — driving deeper investigations, leading incident response activities, and partnering with the client's senior security stakeholders. You will work hands-on with an enterprise-grade security stack (SIEM, EDR, DAM, IDS/IPS, micro-segmentation) in a regulated banking environment where the work genuinely matters.

This is an excellent opportunity to grow your career inside a structured managed services practice while gaining deep exposure to a Tier-1 BFSI security programme.

What You'll Do

Investigation & Incident Response

• Act as the primary escalation point for L1 analysts on confirmed or suspicious security incidents.
• Perform in-depth investigation, correlation, and root-cause analysis across SIEM, EDR, IDS/IPS, DAM, and endpoint protection platforms.
• Lead containment, eradication, and recovery activities in line with established SOPs and the client's incident response playbooks.
• Drive incident documentation, evidence preservation, timeline reconstruction, and post-incident reviews.
• Escalate complex or high-severity incidents to L3 / Incident Response specialists with a clear, evidence-backed handover.

Threat Detection & Use-Case Tuning

• Continuously review SIEM alerts, identify false-positive patterns, and recommend rule tuning to improve signal quality.
• Support development and refinement of detection use cases, correlation rules, and dashboards.
• Conduct proactive threat hunting based on threat intelligence, IOCs, and observed attack patterns.
• Stay current on emerging threats, TTPs, and MITRE ATT&CK techniques relevant to the BFSI sector.

Security Tool Operations

• Operate and monitor an enterprise security stack including SIEM, EDR, IDS/IPS, Database Activity Monitoring, antivirus, and micro-segmentation platforms.
• Validate dashboard health, log source integrations, and agent coverage; troubleshoot gaps with platform owners.
• Coordinate with OEM / vendor support and the client's engineering teams for tool-related issues.

Mentoring, Reporting & Governance

• Mentor and guide L1 analysts on triage quality, investigation depth, and escalation discipline.
• Prepare daily, weekly, and monthly SOC reports, dashboards, and incident metrics for client stakeholders.
• Support internal, external, and regulatory audit submissions, including evidence packs and control walk-throughs.
• Adhere to and uphold the client's cybersecurity policies, standards, and regulatory requirements applicable to the banking sector.
• Participate in security awareness initiatives, tabletop exercises, and operational drills.

What We're Looking For

Must-Have

• 3–6 years of hands-on SOC experience, with at least 1–2 years operating as an L2 analyst or equivalent.
• Strong investigation skills across SIEM platforms (QRadar, Splunk, Sentinel, ArcSight, or similar).
• Hands-on experience with EDR platforms (Cybereason, CrowdStrike, SentinelOne, Defender for Endpoint, or similar).
• Working knowledge of IDS/IPS, antivirus / endpoint protection, Database Activity Monitoring, and network segmentation tooling.
• Solid understanding of Windows and Linux internals, log analysis, and core networking protocols.
• Familiarity with the MITRE ATT&CK framework, cyber kill chain, and modern attacker TTPs.
• Sound understanding of the incident response lifecycle, SOPs, and chain-of-custody / evidence handling.
• Ability to work in a 24×7 rotational shift environment, including nights and weekends.

Nice to Have

• Prior experience supporting a BFSI / banking client or working in a regulated environment.
• Exposure to managed security services (MSSP) delivery models and SLA-driven operations.
• Basic scripting skills (Python, PowerShell, or KQL/SPL) for investigation and automation.
• Awareness of cloud security monitoring (AWS / Azure / GCP).

Education

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field — or equivalent practical experience.

Preferred Certifications

• CompTIA CySA+ / Security+
• CEH (Certified Ethical Hacker)
• Cisco CyberOps Associate / Professional
• GIAC GCIA / GCIH (advantage)
• Vendor certifications on the operated SIEM or EDR platform

Core Strengths

• Strong analytical, problem-solving, and decision-making skills under pressure.
• Excellent written and verbal communication — comfortable presenting findings to senior client stakeholders.
• Disciplined, detail-oriented, and ownership-driven.
• Collaborative team player able to mentor juniors and partner with engineering, IR, and audit teams.

Why Join Us

• Deploy on a flagship, long-term BFSI SOC engagement with high visibility and strong technical depth.
• Hands-on exposure to a best-in-class enterprise security stack.
• Structured career progression — L2 → L3 / Threat Hunting / Incident Response / SOC Lead — within our managed services practice.
• Certification sponsorship and continuous learning support.
• Competitive compensation, shift allowances, and benefits aligned with industry best practice.

Job ID: 147472481
