
Security Analyst (L2 Triage & Investigation)

Innspark
Full Time
Entry
IN
Posted March 7, 2026

Job Description

As a Security Analyst (L2 Triage & Investigation) at the Security Operations Center (SOC) in Delhi, your role involves advanced alert triage, cross-platform correlation, structured threat hunting, and detailed incident investigation. You will be the analytical bridge between L1 monitoring and L3 threat leadership, ensuring accurate detection validation, attack narrative reconstruction, and timely remediation aligned with regulatory requirements such as CERT-In directives.

Key Responsibilities:

  • Perform detailed triage and investigation of escalated security events from L1, correlating alerts across multiple platforms to determine true positive incidents with full attack narrative.
  • Execute established SOAR playbooks for incident containment, enrichment, and response actions, identifying gaps in automation coverage and proposing new playbook requirements.
  • Conduct structured threat hunting campaigns using various tools to identify threats that bypass automated detection, documenting all hunts with hypothesis, methodology, and findings.
  • Maintain and tune detection rules, UEBA models, and NDR policies within defined parameters, tracking false positive rates and escalating tuning recommendations.
  • Produce detailed incident investigation reports for every confirmed incident including IOCs, affected assets, timeline, impact assessment, and remediation verification.
  • Actively monitor Attack Surface Management findings, validate exposed assets, assess vulnerability context, and coordinate remediation tracking with IT operations teams.

Required Qualifications:

  • B.Tech / B.E. in Computer Science, IT, Information Security, or Cybersecurity.

Experience Requirement:

  • Minimum 4 years of hands-on experience in a SOC environment performing alert triage, incident investigation, and threat analysis.

Technical Skill Requirements:

  • Working proficiency across all six SOC platforms.
  • Ability to pivot between various tools and analysis methods during investigations.
  • Strong knowledge of network protocols, operating system internals, and common attack frameworks.
  • Experience with scripting/automation for investigation acceleration and data analysis.

Company Website: [Innspark](https://innspark.in/)
