IDFC First Bank - Senior Cyber Defense Analyst - Endpoint Detection & Response

Description :

Role Overview

The Senior Cyber Defense Analyst is responsible for continuous monitoring of security events, investigating cyber threats, performing incident response, and improving the overall security posture of the organization. This role operates in a 24x7 SOC environment, requiring participation in rotational night shifts. The analyst will work closely with resolver teams, IT operations, and security leadership to ensure timely detection, analysis, and remediation of cyber incidents.

Primary Roles & Responsibilities :

1. Security Monitoring & Alert Analysis

- Monitor SIEM alerts 24x7x365 in rotational shifts, including nights.

- Analyze, validate, and triage security events from SIEM, EDR, firewalls, IDS/IPS, and cloud security tools.

- Determine false positives vs. true security incidents and classify severity levels.

2. Incident Investigation & Response

- Perform in-depth investigation of Alerts, Notable Events, Threat Indicators, and Compromised Hosts.

- Execute incident response steps such as:

Containment

Eradication

Recovery

Root cause analysis

- Document all findings and ensure actions follow internal IR workflows.

3. Reporting & Documentation

- Create, assign, and manage incidents using ticketing tools.

- Maintain detailed investigation logs, response actions, and timelines.

- Prepare incident summaries, dashboards, and escalation reports for SOC leadership.

4. Threat Hunting & Network Analysis

- Conduct proactive threat hunting using network traffic analysis, endpoint telemetry, and threat intel.

- Identify abnormal behavior, compromised systems, lateral movement, privilege misuse, and DoS attempts.

- Highlight system or resource exploitation early to minimize impact.

5. Escalation & SLA Management

- Escalate incidents to relevant resolver groups or Level-3 teams when necessary.

- Ensure response actions meet SOC SLAs, escalating promptly if timelines are at risk of breach.

- Maintain communication with stakeholders during active incidents.

6. SOC Tools & Platform Health

- Monitor the availability, performance, and health of SIEM and related security tools.

- Assist in tuning detection rules, refining correlation logic, and reducing false positives.

- Suggest enhancements to SOC processes, workflows, and playbooks.

7. Collaboration & Knowledge Sharing

- Work closely with other SOC Analysts to ensure smooth operations across shifts.

- Contribute to improving detection logic, use cases, dashboards, and process documents.

- Participate in security exercises, purple teaming, and capability development.

Secondary Responsibilities :

- Support vulnerability management teams by correlating vulnerabilities with security incidents.

- Assist in compliance reporting (ISO, RBI, SOX, internal audits) when required.

- Maintain updated SOC documentation, runbooks, and knowledge bases.

- Participate in training junior analysts, sharing best practices, and supporting SOC maturity initiatives.

Key Success Metrics :

- Alerts analyzed vs. incidents created with high accuracy.

- Incident response timelines meeting defined SLAs.

- High-quality investigation documentation with clear root cause and containment steps.

- Reduction in false positives through effective tuning and rule enhancements.

- Demonstrated improvement in SOC efficiency and detection capabilities.