Who You Are :

As a SOC Analyst III, you will play a critical role in strengthening Zinnias security posture.

You will be at the forefront of our defence operations analysing alerts, conducting in-depth investigations, and leading incident response efforts.

Your expertise will drive effective triage, containment, and remediation of security incidents while ensuring minimal business impact.

You will also contribute to the continuous improvement of our detection and response capabilities by creating and fine-tuning custom correlation rules, performing regular health checks of SOC tools, and identifying opportunities to enhance automation and efficiency.

Beyond operational excellence, you will engage in proactive threat hunting and leveraging threat intelligence to identify and mitigate emerging risks before they impact the organization.

Additionally, you will also mentor and guide other team members, fostering a culture of learning, collaboration, and continuous improvement within the SOC.

What Youll Do :

- Monitor, analyse, and respond to security alerts and incidents from multiple sources across the organizations infrastructure.

- Triage and prioritize alerts based on risk, relevance, and business impact to maintain focus on high-value threats.

- Lead investigation response activities, coordinating with relevant teams to execute corrective actions and implement long-term remediations.

- Develop, refine, and tune custom correlation logic and detection content to enhance threat visibility and reduce false positives.

- Conduct proactive threat hunting to identify suspicious patterns, behaviours, or anomalies that evade traditional detections.

- Perform health checks and maintenance of SOC tools and integrations to ensure continuous data flow and operational readiness.

- Document and maintain investigation records, incident timelines, and post-incident reports to support transparency and lessons learned.

- Collaborate with other cybersecurity and IT teams to improve detection coverage, response playbooks, and automation workflows.

- Mentor and support other SOC team members, providing technical guidance, quality assurance, and on-the-job training.

- Stay current on emerging threats, attacker techniques, and defensive best practices to continuously strengthen the SOCs capabilities.

- Develop, update, and maintain SOC standard operating procedures (SOPs) and incident response playbooks to ensure consistent and effective handling of security events.

- Work in 24x7 rotational shifts and weekend on-call support if and when required.

What Youll Need :

- 4-6 years of experience in security operations domain.

- Strong hands-on experience in security monitoring, alert triage, incident investigation, and response within a SOC environment.

- Proven ability to analyse and respond to complex security incidents, perform root cause analysis, and drive containment and remediation actions.

- Working knowledge of EDR, NDR, SOAR, and threat intelligence platforms and their integration into SOC workflows.

- Experience conducting proactive threat hunting using threat intelligence, behavioural analytics, and anomaly detection techniques.

- Proven expertise in designing and optimizing customized correlation rules, detection logic, and analytical reports to identify advanced threats, reduce false positives, and improve SOC efficiency.

- Familiarity with security frameworks and standards (MITRE ATT&CK, NIST, ISO 27001, etc.) and their practical application in detection and response.

- Foundational understanding of cloud platforms, with hands-on experience operating in cloud environments and conducting cloud-focused SOC investigations.

- Demonstrated understanding of network protocols, operating systems (Windows, Linux), and common attack techniques.

- Knowledge of malware analysis, phishing investigations, and vulnerability management processes.

- Willingness to learn, experiment, and collaborate across teams.

Nice to Have :

- Hands on experience with XDR and EDR solutions.

- Exposure to automation and orchestration within the SOC (SOAR platforms, scripting, workflow automation).

- Basic experience integrating devices with SOC tools and creating custom parsers.

- Knowledge of compliance and regulatory frameworks (ISO 27001, NIST, GDPR, HIPAA, etc.

- Certifications such as CSA, CySA+, CEH or SOC vendor certifications.