Saviynt is an identity authority platform built to power and protect the world at work. In a world of digital transformation, where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress, Saviynt’s Enterprise Identity Cloud gives customers unparalleled visibility, control and intelligence to better defend against threats while empowering users with right-time, right-level access to the digital technologies and tools they need to do their best work.
We are building a next-generation Security Operations Center (SOC) designed for the cloud-first era. We are moving beyond traditional reactive methods to build an intelligent, automated SOC that leverages deep cloud security expertise to stop advanced threats.
We are seeking a motivated and detail-oriented L2 SOC Analyst to be a core member of our 24/7 operations team. This role is for a hands-on analyst who excels at investigating complex alerts, using automation to accelerate response, and is passionate about cloud security. You will be the primary line of in-depth analysis, working to validate, investigate, and contain threats as they are escalated from L1.
Please note: This is a 24/7 operational role. The SOC team works in three rotating shifts (morning, afternoon, and night) to ensure continuous monitoring and response.
WHAT YOU WILL BE DOING
Incident Triage & Investigation
Serve as the primary escalation point for alerts triaged by L1 analysts and automated systems.
Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, Cloud-native tools) to validate threats and determine their scope.
Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity.
Perform deep-dive analysis of logs, network packets, and endpoint data to identify indicators of compromise (IOCs).
Incident Response & Automation
Execute and tune automated response playbooks using our SOAR platform for common security incidents.
Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment.
Document all investigation steps, findings, and containment actions in our incident management system.
Threat Hunting & Cloud Monitoring
Participate in "guided" threat hunting campaigns based on new threat intelligence or hypotheses developed by senior analysts.
Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail, Cloudflare, Azure, etc.).
Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts.
Continuous Improvement & Collaboration
Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.
What You Bring
Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
Cloud Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP).
Technical Expertise: Strong, hands-on experience with SIEM (e.g., Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
Automation Familiarity: Experience using a SOAR platform and familiarity with scripting (Python preferred) for basic automation or analysis tasks.
Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.
Why Join Us
Be at the forefront of a modern, cloud-focused Security Operations Center.
Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies.
A clear career path for growth into L3, threat hunting, or automation engineering roles.
Collaborate with world-class security and engineering leaders in a high-impact, operational role.