Why Choose Bottomline
Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!
Security Operations Analyst II
Position Summary
The Security Operations Analyst II is an exciting role within our global Security Operations Center, providing security monitoring, incident analysis, and coordinated response to protect payment processing infrastructure. Based in India, this position delivers critical coverage during India business hours as part of our follow-the-sun model, bridging US and EU teams across time zones.
This role requires strong technical proficiency, clear communication for global coordination, and the ability to independently manage security incidents from detection through resolution. The right candidate brings proven investigative skills and solid operational instincts -- ready to contribute meaningfully while learning the nuances of our environment through hands-on training and shadowing.
Key Responsibilities
Security Monitoring and Analysis
- Monitor SIEM platforms, EDR tools, and network security appliances for indicators of compromise and anomalous activity
- Triage, investigate, and respond to security alerts -- distinguish true positives from noise through analysis of logs, network traffic, endpoint telemetry, and threat intelligence
- Monitor report mailboxes and escalation queues; assess priority and pivot to investigation or response as needed
- Conduct proactive threat hunting to identify threats that evade automated detection
- Collaborate with IT, network engineering, and application teams during triage to gather context and coordinate response
Incident Response and Coordination
- Serve as incident coordinator during assigned shifts, orchestrating response across distributed global teams
- Execute containment, eradication, and recovery actions per established playbooks
- Coordinate with US and EU personnel during incident handoffs with clear, comprehensive briefings
- Engage stakeholders to facilitate system isolation, evidence collection, and remediation
- Document incident timelines, actions, and lessons learned per compliance requirements
- Escalate critical incidents to senior leadership with situation assessments and recommended actions
Global Operations and Process Improvement
- Provide seamless follow-the-sun coverage, participating in daily global SOC briefings
- Collaborate with security engineering to tune detection rules and reduce false positives
- Refine playbooks, procedures, and documentation based on operational experience
- Stay current with emerging threats and industry best practices in financial services security
Qualifications
Experience
- 3-5 years in security operations with progression from junior to intermediate responsibilities
- Minimum 2 years hands-on incident investigation and response in enterprise environments
- Experience in global or distributed SOC teams with cross-timezone coordination
- Financial services, payment processing, or regulated industry background preferred
Technical Skills
- Strong SIEM proficiency (Splunk, QRadar, Sentinel, or similar) including query development
- EDR experience (CrowdStrike, Carbon Black, Defender, or SentinelOne)
- Network protocol knowledge (TCP/IP, DNS, HTTP/S) and packet analysis skills
- Windows and Linux investigation techniques; scripting ability (Python, PowerShell, or Bash)
- Familiarity with MITRE ATT&CK and common attacker TTPs
Education and Certifications
- Bachelor's degree in Computer Science, Cybersecurity, or related field; equivalent experience considered
- Security certifications (Security+, GCIH, CEH) valued; advanced certs (GCIA, GCFA, CISSP) a plus
Preferred
- Cloud security monitoring experience (AWS, Azure, or GCP)
- SOAR platform experience; threat intelligence integration
- Digital forensics background; PCI DSS familiarity
CORE COMPETENCIES
- Technical Excellence: Thorough investigations and sound conclusions under pressure
- Communication: Exceptional written and verbal English for global coordination and documentation
- Critical Thinking: Synthesizes information from multiple sources; identifies complex attack patterns
- Self-Direction: Works independently with sound judgment on when to escalate
- Collaboration: Partners effectively across teams, time zones, and cultures
REPORTING STRUCTURE
Direct Reporting: Senior Manager, Security Operations
WORKING CONDITIONS
This position operates within a 24/7 global Security Operations Center environment based in India, providing coverage that overlaps with US East Coast, US West Coast, and European security teams. Standard working hours align with India business hours (9:00 AM to 6:00 PM IST) with flexibility required for incident response, global team coordination, and critical maintenance activities. The analyst must be available for on-call rotation to support after-hours critical incidents.
New hires will receive structured onboarding including training and shadowing to learn our specific environment, tooling, and operational procedures.
This job description conveys information essential to understanding the scope of the position and is not an exhaustive list of skills, efforts, duties, responsibilities, or working conditions associated with it. Management reserves the right to modify, add, or remove duties as necessary.
We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.