Gruve

Security Analyst

Gruve
India · Full-time · Associate

Job Title: Security Analyst (Level 2)

Location: Pune, India

Shift: Rotational Shift

Employment Type: Full-Time, Work from Office

Experience: 3-5 Years


About the Company:

Gruve is an innovative Software Services startup dedicated to empowering Enterprise Customers in managing their Data Life Cycle. We specialize in Cyber Security, Customer Experience, Infrastructure, and advanced technologies such as Machine Learning and Artificial Intelligence. Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customers and partner networks.


Why Gruve:

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.


Position summary:

We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate should have a strong foundation in SIEM monitoring, XDR or EDR solutions, and security analysis, with hands-on experience in investigating and responding to security alerts. This role requires expertise in reviewing and analysing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have a basic SIEM administration background and Python scripting skills for troubleshooting and playbook development.


Key Roles & Responsibilities:
1. Incident Detection and Response

· Analyse and Respond to Security Alerts: Review and investigate security alerts escalated from Level 1 analysts or generated by security monitoring tools (SIEM, IDS/IPS, EDR).

· Incident Triage: Conduct initial analysis of potential security incidents to determine severity, impact, and scope, including identifying false positives.

· Incident Escalation: If necessary, escalate incidents to the Level 3 SOC analysts for deeper investigation and remediation.

· Containment: Take appropriate containment actions to limit the impact of ongoing security incidents (e.g., isolating affected systems, blocking malicious IP addresses).

· Incident Documentation: Accurately document and report security incidents in a clear and comprehensive manner for later analysis and compliance requirements.


2. Security Monitoring

· Proactive Threat Detection: Identify potential threats and vulnerabilities by analyzing logs, network traffic, and other security data to find hidden threats or weaknesses.

· Monitor Security Systems: Regularly monitor and assess security infrastructure, including firewalls, intrusion detection systems, and endpoint protection tools, to detect anomalies and potential attacks.

· Alert Tuning: Adjust and refine alerts within security tools (SIEM, XDR) to improve detection and reduce false positives.

· Log Review: Review logs from various sources such as network devices, servers, and applications to identify security events or irregular activities.

3. SIEM Use Case Development & Implementation

· Design, develop, and implement SIEM correlation rules, dashboards, and alerts based on security threats and business needs.

· Define detection logic for security use cases covering malware, insider threats, APTs, data exfiltration, privilege escalation, brute-force attacks, and cloud security threats.

· Align use cases with MITRE ATT&CK, NIST, CIS Controls, and other industry frameworks.

· Work with SOC analysts and threat hunters to enhance detection and alerting capabilities.

· Ensure fine-tuning of SIEM rules to minimize false positives and maximize threat detection efficiency.

4. Collaboration and Escalation

· Work with Level 1 Analysts: Provide guidance and mentorship to Level 1 analysts on how to identify and escalate security incidents appropriately.

· Collaborate with Other Teams: Coordinate with internal teams (network security, IT operations, application security, etc.) to address vulnerabilities, incidents, and other security concerns.

· Incident Escalation to Level 3: For complex or advanced incidents, escalate issues to Level 3 analysts for deeper investigation and remediation.

5. Customer Communication & Incident Handling

· Engage with customers during security incidents and provide expert guidance.

· Conduct technical discussions to explain security threats and mitigation steps.

· Collaborate with internal and external teams for incident resolution.

6. Security Reporting and Documentation

· Prepare Incident Reports: Document detailed incident reports and provide analysis on the severity and impact of security events for management and other stakeholders.

· Generate Logs and Metrics: Provide regular reports and metrics on security operations, highlighting trends, incidents, and areas of improvement.

· Compliance Reporting: Ensure that incident records meet internal and external compliance and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).


7. Continuous Improvement

· Refine Processes: Contribute to the development and improvement of SOC procedures, workflows, and tools to enhance the efficiency of security monitoring and incident response.

· Stay Current with Threats: Continuously update knowledge on emerging cybersecurity threats, trends, tools, and techniques to improve threat detection and response.

· Contribute to Training: Assist in training and developing junior staff (L1 analysts), ensuring the team’s overall readiness to handle incidents.


Basic Qualifications:

· B.E./B.Tech. degree in Computer Science or Information Technology, or a Master's degree in Cybersecurity.

· 3 to 5 years of experience and strong foundational knowledge in security operations, SIEM, or IT security.

· Knowledge and experience with SIEM tools (e.g., Splunk, QRadar, Azure Sentinel etc.), endpoint protection, and IDS/IPS.

· Knowledge of IT infrastructure, networking, and cybersecurity principles.

· Ability to communicate effectively with customers, teammates, and management.

· Excellent problem-solving skills and attention to detail.

· Strong communication and interpersonal skills.


Preferred Qualifications:

· Certifications such as CySA+, CEH, or ECIH, or a relevant vendor certification for EDR/XDR platforms.

· Exposure to SIEM solutions, specifically Splunk, QRadar, Azure Sentinel, or similar platforms.

· Familiarity with security tools such as EDR, XDR, WAF, DLP, email security gateways, and proxy solutions.

· Enthusiasm for learning and a strong interest in cybersecurity as a career.

· Knowledge of cloud security and platforms (e.g., AWS, Azure, GCP).

Key Skills

Ranked by relevance

SIEM, cybersecurity, cloud security, QRadar, Splunk, cloud, artificial intelligence, network security, machine learning, cyber security, firewalls, Python, HIPAA, GDPR, NIST, AWS, CIS
Posted
Mar 23, 2025
Type
Full-time
Level
Associate
Location
Pune
Company
Gruve

Industries

IT Services IT Consulting Computer Network Security

Categories

Information Technology
