Posted on: 19/01/2026
Description :
Job Title : Lead SOC Analyst (QRadar, CrowdStrike)
Experience : 6 to 8 Years
Location : Mumbai
Job Summary :
The Lead SOC Analyst is a senior technical and operational role responsible for managing escalated security incidents, ensuring high-quality investigations, meeting SLAs, and mentoring SOC L1/L2 analysts.
The role requires strong hands-on expertise in SIEM and EDR platforms, effective customer communication skills, and the ability to continuously enhance SOC detection and response capabilities.
Key Responsibilities :
Incident Management & Investigation :
- Act as the primary escalation point for complex and high-severity security incidents from SOC L1/L2 teams.
- Perform in-depth analysis to reconstruct the complete attack lifecycle (kill chain) of an incident.
- Validate true positives, assess business impact, and ensure timely containment and remediation within defined SLAs.
- Escalate incidents to L3 teams or relevant stakeholders with complete technical context when required.
- Prepare detailed Root Cause Analysis (RCA) reports for major security incidents.
SIEM, EDR & Threat Detection :
- Lead security investigations using SIEM platforms such as QRadar and Splunk.
- Analyze and respond to endpoint threats using EDR solutions like CrowdStrike and Cybereason.
- Fine-tune SIEM rules and alerts to reduce false positives and improve detection accuracy.
- Design and implement new SIEM use cases, detection logic, queries, and thresholds.
- Conduct proactive threat hunting to identify advanced and persistent threats.
- Coordinate endpoint remediation using EDR, AV, and other security tools.
Process, Playbooks & Continuous Improvement :
- Develop, review, and maintain incident response playbooks, runbooks, and SOC procedures.
- Identify security gaps and recommend improvements in monitoring, tools, and processes.
- Support internal and external audits by ensuring effective logging, monitoring, and reporting.
- Propose automation and workflow optimizations to improve SOC efficiency and reduce manual effort.
Stakeholder & Customer Engagement :
- Participate in daily customer calls to provide incident updates, analysis, and security recommendations.
- Address customer queries, concerns, and security requests in a professional manner.
- Collaborate with internal teams and customers to ensure effective incident resolution.
Team Leadership & Knowledge Sharing :
- Mentor and provide technical guidance to SOC L1 and L2 analysts during investigations.
- Conduct training sessions, knowledge transfers, and create hunting guides and reference materials.
- Review analyst investigations for quality, accuracy, and adherence to SOC standards.
- Foster a culture of continuous learning, innovation, and operational excellence.
Required Skills & Experience :
- Minimum 7 years of hands-on experience in Security Operations / SOC environments.
- Strong expertise in security event monitoring, alert triage, and incident investigation.
- In-depth knowledge of log sources and security telemetry.
- Experience with vulnerability scanning, risk prioritization, and remediation planning.
- Ability to utilize Threat Intelligence for incident validation and response.
- Proven experience working in MSSP-based SOC operations.
Posted in : CyberSecurity
Functional Area : Cyber Security
Job Code : 1603281