SOC Analyst / Threat Hunter

Job Description SOC Analyst / Threat Hunter

We are seeking a skilled and proactive SOC Analyst / Threat Hunter (L2) to join our Security Operations Center. This role is responsible for conducting in-depth investigations of security events, engaging in proactive threat hunting, and contributing to incident response activities. The analyst will also support the tuning of detection logic, monitoring tool health, and security operations across both on-premises and AWS cloud environments. The role sits at the core of our operational defense capability.

Key Responsibilities

1. Security Operations, Incident Response & Cloud Security

· Triage and investigate alerts from SIEM, EDR, NDR, and CSPM platforms

· Correlate logs from endpoints, network, and cloud-native services

· Investigate escalated alerts related to IAM misuse, anomalous API calls, privilege escalations, exposed storage (e.g., S3 buckets), and suspicious cloud workloads

· Assist in containment and response of cloud-based incidents: isolate workloads, revoke keys, suspend IAM users, apply NSG/security group modifications

· Perform root cause analysis and support recovery actions for both cloud and on-prem threats

· Validate security tool status across environments, including CSPM/CIEM tools and ensure coverage across cloud workloads

· Participate in post-incident reviews, update cloud-specific playbooks and ensure IR readiness across hybrid environments

2. Threat Hunting, Detection Engineering & Continuous Improvement

· Conduct proactive threat hunts across cloud and on-prem logs to uncover hidden threats

· Use cloud telemetry to detect behavioural anomalies or policy violations

· Leverage threat intel and TTPs to hunt for signs of known actor techniques across the environment (MITRE ATT&CK for Cloud)

· Work with engineering teams to fine-tune and improve cloud-specific detections (e.g., alerting on disabled logging, overly permissive IAM, use of stolen API keys)

· Develop or update detection rules and recommend automation playbooks for cloud incident response

· Share hunting findings and detection improvements in weekly SOC knowledge sessions

· Document use cases, lessons learned, and detection enhancements for broader SOC adoption

Weekly / Monthly Contributions

· Participate in IR reviews and quality assurance across hybrid threats

· Review cloud account posture using CSPM tools and flag unresolved misconfigurations

· Analyse cloud activity trends and deliver reporting on identity risks, misconfigurations, and emerging attack patterns

· Contribute to red team debriefs and cloud simulation test cases, update and maintain playbooks

· Support cross-training within SOC for improved cloud security operations maturity

Required Qualifications

· 2–4 years in a SOC, IR, or security monitoring role

· Hands-on experience with log analysis and investigation in cloud platforms: AWS (CloudWatch, CloudTrail, GuardDuty)

· Solid grasp of attacker TTPs in cloud environments: exposed credentials, over-permissioned roles, container abuse, cloud lateral movement

· Proficiency with SIEM/EDR platforms and investigation workflows

· Basic scripting or automation knowledge (Python, PowerShell, Boto3, etc.)

· Familiarity with cloud-native security tools (AWS Config)

· Certifications like CySA+, AWS Security Specialty are desirable

Soft Skills & Traits

· Investigative mindset with high attention to detail

· Collaborative team player with strong communication skills

· Ability to work under pressure in live incidents or fast-paced SOC environments

· Curiosity-driven attitude toward evolving threats and cloud services