
SOC Analyst — Security Operations

Bengaluru, Karnataka, India
Full-time

ESSENTIAL JOB DUTIES

1.  Alert Monitoring & Initial Triage

  • Monitor the security alert queue continuously across the shift, ensuring no alerts are missed, delayed, or left without an initial disposition.
  • Perform initial triage of incoming alerts: review alert context, classify by type and potential severity, and determine whether the alert warrants escalation or closure as a false positive.
  • Apply documented playbooks and runbooks to guide triage decisions; escalate promptly to L2 when an alert exceeds L1 scope or confidence threshold.
  • Maintain accurate, timely documentation of all triage actions: alert details, initial findings, disposition rationale, and escalation notes.
  • Support shift handoff quality by ensuring all open items are clearly documented and communicated to the incoming analyst.

2.  ReliaQuest GreyMatter

  • Use GreyMatter as the primary platform for alert review, case management, and initial investigation workflows.
  • Navigate GreyMatter case queues, apply filters, and use built-in enrichment and AI-assisted features to support triage decisions — always validating outputs before acting.
  • Document findings, disposition notes, and escalation rationale within GreyMatter case records in accordance with SOC documentation standards.
  • Develop proficiency with GreyMatter investigation workflows through structured on-the-job learning and guidance from L2 analysts and the SOC Manager.

3.  Microsoft Defender for Endpoint

  • Review MDE alerts surfaced through GreyMatter or the MDE portal; understand alert categories, severity levels, and associated device context.
  • Perform basic endpoint investigation tasks: review device timelines for obvious indicators, check process trees, and identify key artifacts to include in escalation notes.
  • Understand and apply MDE alert triage criteria to support accurate initial severity classification.

4.  Microsoft Sentinel

  • Review Sentinel incidents and alerts as part of the monitoring queue; understand alert sources and the log types that feed detections.
  • Run basic KQL queries using provided templates to retrieve log evidence and support initial triage findings.
  • Develop foundational KQL proficiency over time, progressing toward independent query construction for common triage scenarios.

5.  SSE/SWG Platforms — Zscaler & Netskope

  • Develop working familiarity with Zscaler and Netskope alert types, log sources, and basic policy constructs.
  • Review web security alerts and support L2 analysts with initial context gathering for Zscaler and Netskope-related investigations.
  • Follow documented workflows for reporting and escalating SSE/SWG events that exceed L1 triage capability.

6.  ServiceNow Ticket Handling

  • Manage ServiceNow tickets assigned to the InfoSec/SOC queue: acknowledge, classify, document, and escalate or resolve within SLA.
  • Handle routine, low-complexity security tickets: user-reported suspicious emails, access queries, and basic security tool questions — following documented resolution procedures.
  • Maintain accurate ticket records: classification, evidence summary, actions taken, and resolution notes aligned to SOC documentation standards.
  • Flag repeat patterns or unresolved issues for L2 review and knowledge article creation.

7.  Email Security

  • Perform initial triage of user-reported phishing and suspicious email submissions using Mimecast and/or Abnormal.ai.
  • Apply documented phishing triage criteria: assess sender, links, attachments, and headers; classify and escalate confirmed or suspected malicious emails to L2.
  • Support quarantine and release workflows under L2 direction; document findings and outcomes in the relevant ticket or case record.

REQUIRED SKILLS & EXPERIENCE

  • 1+ years of experience in a SOC, IT operations, helpdesk, or security monitoring role.
  • Basic understanding of networking fundamentals: TCP/IP, DNS, HTTP/S, common ports and protocols.
  • Familiarity with Windows operating system concepts: processes, services, event logs, and common file system paths.
  • Awareness of common attack types and indicators: phishing, malware, credential abuse, and suspicious scripting.
  • Ability to follow structured procedures, playbooks, and escalation paths with precision and consistency.
  • ServiceNow or equivalent ITSM tool experience: ticket creation, classification, and documentation.
  • Strong attention to detail and clear written communication for ticket notes, case documentation, and shift handoffs.

PREFERRED QUALIFICATIONS

  • Prior exposure to a SIEM platform (Microsoft Sentinel, Splunk, or similar) for alert review or basic log analysis.
  • Familiarity with Microsoft Defender for Endpoint or equivalent EDR tooling.
  • Exposure to phishing analysis and email security tools (Mimecast, Abnormal.ai, or similar).
  • Understanding of the MITRE ATT&CK framework at a foundational level.
  • Experience working in a 24×7 shift environment.

EDUCATION & CERTIFICATIONS

  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
  • CompTIA Security+ — preferred or actively pursuing.
  • Microsoft SC-900 (Security, Compliance, and Identity Fundamentals) — a plus.
  • CompTIA CySA+ or equivalent — desirable as a development target.

SUCCESS MEASURES

  • SLA compliance and accurate, complete documentation for all assigned ServiceNow tickets.
  • Alert triage accuracy: low false-positive closure rate and appropriate, timely escalations to L2.
  • Shift handoff quality: all open items documented and communicated clearly with no gaps.
  • Demonstrated progression in GreyMatter proficiency and foundational tool knowledge over the first 90 days.
  • Positive contribution to team knowledge through flagging repeat patterns and supporting runbook updates.

WORKING CONDITIONS

  • 24×7 rotational shifts including nights, weekends, and holidays.
  • On-call support may be required for high-severity incidents.
  • Role demands sustained alertness, consistent process adherence, and composed, methodical work under pressure.

EEO Statement

The Company is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant, employee, or other covered person based on any legally recognized basis, including, but not limited to: veteran status, uniformed servicemember status, race, color, caste, immigration status, religion, religious creed (including religious dress and grooming practices), sex, gender, gender expression, gender identity, marital status, sexual orientation, pregnancy (including childbirth, lactation or related medical conditions), age, national origin or ancestry, citizenship, physical or mental disability, genetic information (including testing and characteristics), protected leave status, domestic violence victim status, or any other consideration protected by federal, state or local law. We are committed to providing reasonable accommodations. If you need an accommodation to complete the application process, please email TalentAcquisitionIndia@revantage.com.