Position: Engineer – L1
Type: FTE
Specific job responsibilities
• Monitor and analyze security alerts generated by SIEM platforms including Elastic SIEM, Microsoft Sentinel, and other SIEM tools (e.g., Wazuh, Splunk, QRadar).
• Perform continuous security monitoring of network traffic, endpoint activity, and system logs to identify suspicious or malicious behaviour.
• Investigate potential security incidents by performing detailed log analysis to detect anomalies and attack patterns.
• Classify security alerts accurately as True Positive or False Positive based on evidence and analysis.
• Respond to security incidents promptly by following defined incident response playbooks and SOPs.
• Escalate confirmed or high‑severity incidents to senior SOC engineers with proper documentation, context, and impact analysis.
• Conduct phishing email analysis, including:
o Header and sender analysis
o URL and attachment inspection
o Identification of credential‑harvesting and malware delivery attempts
• Track and investigate malware alerts, performing basic static and behavioral analysis using EDR telemetry and sandbox results.
• Monitor and analyze endpoint activity using EDR tools such as SentinelOne and Microsoft Defender for Endpoint.
• Support vulnerability assessment activities by reviewing scan results, validating findings, and assisting with remediation tracking.
• Maintain accurate incident reports, investigation notes, and SOC documentation.
• Follow daily threat intelligence updates and apply relevant insights to ongoing investigations.
• Adhere to SOC SLAs, escalation procedures, and operational best practices.
• Support client Baseline Security Reviews by reviewing security tool configurations and documenting gaps against defined security baselines.
Specific skills
• Basic to intermediate understanding of networking, security, and system administration concepts.
• Knowledge of:
o Network security fundamentals
o Firewalls, IDS/IPS, and SIEM tools
o Vulnerability assessment concepts and security best practices
• Familiarity with Windows and/or Linux environments.
• Hands‑on exposure to:
o SIEM monitoring and alert investigation
o Incident response and alert triage
o Endpoint detection and response (EDR) tools
• Understanding of common attack techniques including phishing, malware, brute force, and credential abuse.
Certifications
• CEH (Certified Ethical Hacker)
• Microsoft SC‑200 – Security Operations Analyst
• Microsoft SC‑900 or equivalent security fundamentals certification
Qualification and experience
• Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field (or equivalent practical experience).
• 3-5 years of experience in:
o SOC operations
o Cybersecurity monitoring
• Hands‑on experience with SIEM tools and security alert investigation is preferred.
No. of positions: 01
Work location: Wipfli India, Bengaluru