Cywarden, Inc.
Website: cywarden.com
Job details:
Job Title: SOC Analyst – L1
Location: Chandigarh
Experience: 2+ Years
Employment Type: Full-time
About the role
Join Cywarden as a hands-on SOC Analyst to be the frontline defender for enterprise customers. You’ll monitor and validate alerts, perform fast and accurate triage, escalate incidents, and drive routine containment — all while continuously improving detection fidelity across the Microsoft security ecosystem. This role is perfect for someone who thinks like an investigator, acts like a first responder, and enjoys coaching peers on operational excellence.
What you’ll own (day-to-day)
- Serve as first responder for alerts generated by Microsoft Sentinel, Cortex XDR, and Cortex XSOAR — validate, investigate, and act on them in real time.
- Monitor dashboards and alert queues across all shifts; maintain high situational awareness and handover hygiene.
- Perform initial triage: validate, categorize, and assign priority to alerts per SOC runbooks and SLAs.
- Enrich alerts with threat intelligence, asset context, and automated XSOAR enrichment playbooks to accelerate decision-making.
- Escalate confirmed or suspicious incidents to L2 within defined SLA windows and provide clear, actionable context.
- Document investigation steps, findings, and remediation actions in the XSOAR case management system.
- Quickly close routine false positives with a documented rationale and recommended tuning actions to reduce noise.
- Execute standard containment actions (isolate hosts, block IOCs, reset credentials) and follow playbooks to limit impact.
- Support investigations involving endpoint, identity, network and cloud telemetry; collaborate with L2/L3 for deeper forensic work.
- Contribute to SOC knowledge base: refine runbooks, update playbooks, and suggest new detection tuning based on recurring patterns.
Core responsibilities
- Monitor, analyze, and triage alerts from endpoints, network sensors, cloud logs, and identity services.
- Investigate incidents such as phishing, malware, lateral movement, brute force, and suspicious sign-ins.
- Use Microsoft Defender for Endpoint to analyze suspicious processes, triage alerts, and construct attack timelines.
- Escalate appropriately and prepare concise handoffs to ensure swift progression to containment and remediation.
- Maintain accurate incident timelines, evidence notes, and case closure documentation for audit readiness.
- Produce daily/weekly SOC summaries and contribute to post-incident reviews and RCA activities when required.
Tools & technologies you’ll use
- Microsoft Sentinel (SIEM / analytics)
- Microsoft Defender for Endpoint (EDR)
- Cortex XDR and Cortex XSOAR (detection & SOAR)
- Azure / Entra ID ecosystems for identity monitoring and sign-in investigations
- Threat intel feeds, asset inventories, and internal CMDB integrations for context enrichment
Required skills & experience (must-have)
- 2+ years in SOC / security operations with hands-on SIEM and EDR experience.
- Practical experience with Microsoft Sentinel and an endpoint EDR (e.g., Microsoft Defender for Endpoint, Cortex XDR).
- Strong alert triage skills — validate, prioritize, and escalate with clarity and speed.
- Good working knowledge of Windows internals, networking basics, and common attack patterns (phishing, malware, lateral movement).
- Familiarity with SOAR playbooks, case management, and documenting investigations.
- Comfortable working in shift rotations and handing over operations clearly.
- Clear communicator — able to write crisp incident notes and deliver concise verbal handoffs.
Nice-to-have
- Exposure to MITRE ATT&CK mapping and detection tuning.
- Experience with Azure AD / Entra ID investigations and conditional access troubleshooting.
- Basic scripting (PowerShell, Python) to automate enrichment or repetitive tasks.
- SOC certifications (SC-200, AZ-500, CEH) or relevant vendor certifications.
What we offer
- Opportunity to grow in a high-impact SOC: fast learning, mentoring, and clear career progression to L2/L3 roles.
- Training & certification support, hands-on purple-team exercises, and access to threat intel.
- An opportunity to work directly under industry leaders and learn from technical professionals with 10+ years of experience.