IT Cyber Defense Analyst

Job Description: IT Cyber Defense Analyst – P2

Location: Remote (Pune-Baroda, India)

Department: IT Cybersecurity / Security Operations Centre (SOC)

Reports To: SOC Manager

About the Role

The SOC IT Cyber Defense Analyst is responsible for real-time security monitoring, alert triage, and initial investigation of security events across enterprise environments.

This role serves as the first line of defense, ensuring timely detection, analysis, escalation, and documentation of potential security incidents while maintaining operational excellence in a 24/7 SOC environment.

Key Responsibilities

Security Monitoring & Alert Triage


* Monitor security alerts from multiple platforms including SIEM, EDR/XDR, SOAR, IDS/IPS, Email Security, and Cloud Security tools


* Perform initial triage and analysis of alerts to determine severity, impact, and validity


* Identify false positives, benign events, and potential security incidents

Incident Handling & Investigation



* Conduct Level 1 investigation of security incidents such as:
+ Phishing and Email-based threats
+ Malware, ransomware, and suspicious file activity
+ Endpoint, network, and account anomalies
+ Unauthorized access attempts and policy violations


* Collect and analyze logs, artifacts, and indicators (IPs, URLs, hashes, domains)


* Document findings clearly and accurately in incident tickets and SOC communication channels

Escalation & Coordination



* Escalate confirmed or high-risk incidents to L2/L3 analysts or Incident Response teams as per defined runbooks


* Follow standard operating procedures (SOPs) and escalation matrices


* Coordinate with IT, Desktop, Network, Cloud, and Application teams when required

Communication & Reporting



* Provide clear, concise, and timely updates during incident handling


* Participate in shift handovers, ensuring continuity and proper knowledge transfer


* Maintain accurate incident timelines, actions taken, and next steps

Compliance & Process Adherence



* Adhere to SOC policies, security standards, and compliance requirements


* Ensure proper handling of sensitive information and evidence


* Follow approved WFH / on-site operational standards, including workstation and monitoring setup

Continuous Improvement



* Actively participate in training, tabletop exercises, and knowledge-sharing sessions


* Stay updated on latest threats, attack techniques, and security trends


* Provide feedback to improve SOC processes, detection rules, and playbooks

Required Skills & Qualifications

Technical Skills



* Basic understanding of:
+ Networking concepts (TCP/IP, DNS, HTTP/S, VPN)
+ Operating Systems (Windows, Linux fundamentals)
+ Cybersecurity concepts (malware, phishing, brute force, MITRE ATT&CK)


* Hands-on exposure or familiarity with:
+ SIEM tools (e.g., Splunk, Sentinel, QRadar, Elasti...