Type: FTE
Specific job responsibilities
• Monitor and analyze security alerts generated by SIEM platforms including Elastic SIEM, Microsoft Sentinel, and other SIEM tools (e.g., Wazuh, Splunk, QRadar).
• Perform continuous security monitoring of network traffic, endpoint activity, and system logs to identify suspicious or malicious behaviour.
• Investigate potential security incidents by performing detailed log analysis to detect anomalies and attack patterns.
• Classify security alerts accurately as True Positive or False Positive based on evidence and analysis.
• Respond to security incidents promptly by following defined incident response playbooks and SOPs.
• Escalate confirmed or high-severity incidents to senior SOC engineers with proper documentation, context, and impact analysis.
• Conduct phishing email analysis, including:
o Header and sender analysis
o URL and attachment inspection
o Identification of credential-harvesting and malware delivery attempts
• Track and investigate malware alerts, performing basic static and behavioral analysis using EDR telemetry and sandbox results.
• Monitor and analyze endpoint activity using EDR tools such as SentinelOne and Microsoft Defender for Endpoint.
• Support vulnerability assessment activities by reviewing scan results, validating findings, and assisting with remediation tracking.
• Maintain accurate incident reports, investigation notes, and SOC documentation.
• Follow daily threat intelligence updates and apply relevant insights to ongoing investigations.
• Adhere to SOC SLAs, escalation procedures, and operational best practices.
• Support client Baseline Security Reviews by reviewing security tool configurations and documenting gaps against defined security baselines.
Specific skills
• Basic to intermediate understanding of networking, security, and system administration concepts.
• Knowledge of:
o Network security fundamentals
o Firewalls, IDS/IPS, and SIEM tools
o Vulnerability assessment concepts and security best practices
• Familiarity with Windows and/or Linux environments.
• Hands-on exposure to:
o SIEM monitoring and alert investigation
o Incident response and alert triage
o Endpoint detection and response (EDR) tools
• Understanding of common attack techniques including phishing, malware, brute force, and credential abuse.
Certifications
• CEH (Certified Ethical Hacker)
• Microsoft SC-200 - Security Operations Analyst
• Microsoft SC-900 or equivalent security fundamentals certification
Qualification and experience
• Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field (or equivalent practical experience).
• 3-5 years of experience in:
o SOC operations
o Cybersecurity monitoring
• Hands-on experience with SIEM tools and security alert investigation is preferred.
No. of positions: 01
Work location: Wipfli India, Bengaluru
What We Do
Wipfli is an advisory firm that delivers holistic solutions to help clients navigate the modern marketplace, optimize performance and drive growth. Our more than 3,000 full-time associates deliver digital, people, strategy, risk, financial and outsourcing solutions to 54,000+ clients. "Wipfli" is the brand name under which Wipfli LLP and Wipfli Advisory LLC and its respective subsidiary entities provide professional services. Wipfli LLP and Wipfli Advisory LLC (and its respective subsidiary entities) practice in an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. Wipfli LLP is a licensed independent CPA firm that provides attest services to its clients, and Wipfli Advisory LLC provides tax and business consulting services to its clients. Wipfli Advisory LLC and its subsidiary entities are not licensed CPA firms.
Why Work With Us
At Wipfli, people count. Our people are core to everything we do — the catalyst behind our ability to create exceptional impact and extraordinary results. We believe in flexibility. We focus on relationships. We encourage each individual to follow their own path. And we seek feedback openly, from all.
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Freedom to work from anywhere! Wipfli takes a flexible approach in allowing employees to choose to be remote, hybrid, or in-office.