Lead SOC Analyst

Thiruvananthapuram, Kerala
Permanent
Full-time

1 month ago

Job Description:We are seeking an experienced and proactive SOC Lead to drive the operations of our Security Operations Center. The ideal candidate will have strong expertise in cybersecurity monitoring, incident response, threat hunting, and stakeholder communication. This role involves leading a global 24x7 SOC team, coordinating with cross-functional teams, and enhancing our threat detection and response capabilities. You will act as the escalation point for complex incidents and play a key role in process improvement, automation, and mentoring the SOC team.Key Responsibilities:

Lead and coordinate the 24x7 SOC operations, managing a distributed team of L1 and L2 analysts.
Provide advanced triage and investigation of escalated security s and incidents from L1 analysts.
Act as the primary escalation contact for high-priority incidents and security breaches.
Ensure timely incident response and resolution within SLA while maintaining high-quality ticket documentation.
Conduct Root Cause Analysis (RCA) and create detailed incident reports for high-severity cases.
Continuously review and fine-tune security s, rules, and thresholds across SIEM and other monitoring tools.
Design and propose new security use cases and playbooks to improve detection and response automation.
Conduct training sessions for the team on new tools, updated processes, and emerging threats.
Organize and lead governance meetings (weekly/biweekly/monthly) with internal stakeholders and clients.
Stay informed on the latest threat intelligence, vulnerabilities, and security technologies to proactively enhance SOC capabilities.
Maintain and enhance SOC documentation, including SOPs, incident runbooks, and knowledge bases.
Collaborate with engineering, infrastructure, and compliance teams to align incident response with organizational risk management practices.

Required Skills & Experience:

Minimum 4 years of hands-on experience in a Security Operations Center, focusing on incident response, security analysis, and threat hunting.

Deep technical expertise in:

Email Security (Mimecast)
EDR Tools (e.g., Threat Down / Malwarebytes)
Secure Web Gateway (Netskope SWG)
Cloud Security (Microsoft Azure, Microsoft Defender)
SIEM Platforms (Azure Sentinel preferred)
Threat analysis and phishing investigation
Sound understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, etc.) and incident response lifecycle.
Working knowledge of enterprise infrastructure: networking, firewalls, operating systems (Windows/Linux), databases, and web applications.
Excellent written and verbal communication skills; able to convey technical details to non-technical stakeholders.
Strong organizational and prioritization skills; experience handling multiple concurrent incidents and tasks in high-pressure environments

Preferred Certifications:

Relevant security certifications such as:
CEH (Certified Ethical Hacker)
Microsoft SC-200 (Security Operations Analyst)
AZ-500 (Azure Security Engineer Associate)
CISSP, GCIH, or similar.
Proficiency with Security Tools:
Mimecast Email Security
Threat Down (Malwarebytes)
Microsoft Azure, Microsoft Defender for O365
Netskope SWG
Azure Sentinel (SIEM)
Open-source tools for phishing analysis

Skills:Email Security, EDR, Threat hunting, SIEMAbout Company:UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

UST

Apply Now