Job Title: Senior Security Analyst - L2

Location: Bangalore (on site)

Experience Level: 5 to 8 years

About ColorTokens

At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected.

Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave: Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions.

Join us in transforming cybersecurity. Learn more at

Our culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world’s impactful organizations - be it a children’s hospital, or a city, or the defense department of an entire country.

Job Description

ColorTokens is looking for a skilled and detail-oriented Senior Security Analyst (L2) to support security operations within our Managed Security Operations Center (SOC). This role focuses on investigating security alerts, handling medium-to-high severity incidents, and supporting threat detection and response efforts. You will act as a key escalation point for L1 analysts while collaborating with senior team members on advanced investigations and response activities. The ideal candidate possesses deep technical expertise in cybersecurity, excellent analytical skills, and a strong understanding of modern attack techniques across IT and OT environments.

Key Responsibilities:

• Investigate and respond to medium and high-severity security alerts and incidents across customer environments.
• Perform initial and intermediate forensic analysis on endpoints, network traffic, logs, and cloud platforms.
• Analyze and correlate security data from multiple sources such as SIEM, EDR, NDR, and threat intelligence feeds.
• Act as an escalation point for Tier 1 analysts for validated alerts and suspicious activities.
• Assist in proactive threat hunting based on known indicators of compromise (IOCs) and basic TTP patterns.
• Support the development and tuning of detection rules, SIEM use cases, and alerting mechanisms.
• Execute and follow incident response playbooks; provide feedback for continuous improvement.
• Document investigation findings, incident timelines, and remediation steps clearly and accurately.
• Participate in incident response activities and support post-incident analysis under guidance from senior analysts.
• Collaborate with internal teams (threat intelligence, engineering, and customer success) for incident resolution
• Contribute to knowledge sharing and assist in mentoring junior analysts when needed.

Required Skills & Experience:

• 5-8 years of experience in SOC operations, threat detection, incident response, or cybersecurity monitoring.
• Good understanding of common attack techniques, threat vectors, and basic MITRE ATT&CK framework mapping.
• Hands-on experience analyzing logs from SIEM, EDR, firewalls, and cloud platforms.
• SIEM: Splunk, Microsoft Sentinel, QRadar
• EDR/XDR: CrowdStrike, Microsoft Defender for Endpoint, SentinelOne
• Basic exposure to NDR tools (Vectra, Darktrace, ExtraHop is a plus)
• SOAR platforms (preferred but not mandatory): XSOAR, Splunk SOAR, Tines
• Working knowledge of Windows, Linux systems, and network fundamentals (TCP/IP, DNS, HTTP/S)
• Basic scripting or query skills (KQL, Python, Bash, or PowerShell)
• Understanding of cloud environments (Azure/AWS) fundamentals

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
• One or more advanced certifications preferred:
• GIAC (GCIA, GCIH, GCFA, GNFA)
• OSCP / OSEP
• SC-200 / AZ-500 / CISSP
• GICSP (for OT/ICS experience)

Preferred Skills:

• Strong problem-solving skills under pressure
• Excellent written and verbal communication (for RCA reports, executive briefings)
• Ability to lead customer-facing incident response calls and postmortems
• Passion for staying current with threat landscape and evolving technologies
• Team player with mentoring mindset

Why Join Us?

• Work on a cutting-edge cybersecurity product in a fast-paced startup environment.
• Collaborate with a world-class team of engineers and security experts.
• Opportunity to learn, grow, and make a real impact from day one.