DigiHelic Solutions Pvt. Ltd.
Website: digihelic.com
Job details:
Job Title: Lead SOC Analyst (QRadar, CrowdStrike)
Experience: 10 Years
Location: Mumbai
Job Summary
The Lead SOC Analyst is a senior technical and operational role responsible for managing escalated security incidents, ensuring high-quality investigations, meeting SLAs, and mentoring SOC L1/L2 analysts. The role requires strong hands-on expertise in SIEM and EDR platforms, effective customer communication skills, and the ability to continuously enhance SOC detection and response capabilities.
Key Responsibilities
1. Incident Management & Investigation
- Act as the primary escalation point for complex and high-severity security incidents from SOC L1/L2 teams.
- Perform in-depth analysis to identify the complete attack lifecycle (kill chain).
- Validate true positives, assess business impact, and ensure timely containment and remediation within defined SLAs.
- Escalate incidents to L3 teams or relevant stakeholders with complete technical context when required.
- Prepare detailed Root Cause Analysis (RCA) reports for major security incidents.
2. SIEM, EDR & Threat Detection
- Lead security investigations using SIEM platforms such as QRadar and Splunk.
- Analyze and respond to endpoint threats using EDR solutions like CrowdStrike and Cybereason.
- Fine-tune SIEM rules and alerts to reduce false positives and improve detection accuracy.
- Design and implement new SIEM use cases, detection logic, queries, and thresholds.
- Conduct proactive threat hunting to identify advanced and persistent threats.
- Coordinate endpoint remediation using EDR, AV, and security tools.
3. Process, Playbooks & Continuous Improvement
- Develop, review, and maintain incident response playbooks, runbooks, and SOC procedures.
- Identify security gaps and recommend improvements in monitoring, tools, and processes.
- Support internal and external audits by ensuring effective logging, monitoring, and reporting.
- Propose automation and workflow optimizations to improve SOC efficiency and reduce manual effort.
4. Stakeholder & Customer Engagement
- Participate in daily customer calls to provide incident updates, analysis, and security recommendations.
- Address customer queries, concerns, and security requests in a professional manner.
- Collaborate with internal teams and customers to ensure effective incident resolution.
5. Team Leadership & Knowledge Sharing
- Mentor and provide technical guidance to SOC L1 and L2 analysts during investigations.
- Conduct training sessions, knowledge transfers, and create hunting guides and reference materials.
- Review analyst investigations for quality, accuracy, and adherence to SOC standards.
- Foster a culture of continuous learning, innovation, and operational excellence.
Required Skills & Experience:
- Minimum 7 years of hands-on experience in Security Operations / SOC environments.
- Strong expertise in security event monitoring, alert triage, and incident investigation.
- In-depth knowledge of log sources and security telemetry.
- Experience with vulnerability scanning, risk prioritization, and remediation planning.
- Ability to utilize Threat Intelligence for incident validation and response.
- Proven experience working in MSSP-based SOC operations.
- Seniority Level: Mid-Senior level
- Industry: Information Technology & Services
- Employment Type: Full-time
- Job Functions: Information Technology
- Skills: Security Information and Event Management (SIEM), Incident Mana