Lead Cyber Security Analyst (SOC & Incident Response)

Job Description

Company: HighFalutin LLC

Location: New Delhi, IN

Job Title: Lead Cyber Security Analyst (SOC & Incident Response) – L3

Location: Delhi, India

Job Type: Contract (12 Months)

Shift: Rotational Shifts

Mandatory:

• At least one active certification from GCIH, GCFA, GREM, OSCP, CISM, SANS GIAC Gold, or CREST Certified Incident Manager (CCIM), or a similar certification.

Key Skills

• Security Operations Center (SOC)

• Incident Response

• Threat Hunting

• SIEM & Detection Engineering

• MITRE ATT&CK Framework

• Threat Intelligence

• Digital Forensics

• SOAR Automation

• UEBA & Network Detection and Response (NDR)

• Cybersecurity Monitoring and Analysis

Required Qualifications

• B.Tech / M.Tech in Computer Science, Information Security, or Cybersecurity with a minimum of 7 years in SOC/CSIRT operations.

• At least 2 years in an L3 or Lead Analyst role handling SOC environments.

• Expert-level proficiency in MITRE ATT&CK framework mapping and threat hunting methodologies (hypothesis-driven, IOC-driven, anomaly-driven), with hands-on experience authoring detection content across SIEM, UEBA, and NDR platforms.

• Demonstrated experience leading incident response for intrusions, including forensic analysis (memory, disk, network) and malware triage.

• Strong experience with SOAR playbook development, automated enrichment/response workflows, and deception technology configuration (honeypots, honeytokens, breadcrumbs) for adversary engagement and intelligence collection.

Responsibilities

• Serve as the final escalation point for all L1/L2 analyst escalations; perform deep-dive investigation of advanced persistent threats (APTs), nation-state campaigns, and complex multi-stage attack chains across SIEM, UEBA, NDR, and deception telemetry.

• Conduct proactive threat analysis using the MITRE ATT&CK framework, map all confirmed incidents to TTPs, identify detection gaps in current rule/model coverage, and author advanced correlation rules, UEBA behavioural baselines, and NDR anomaly signatures to close gaps.

• Lead and manage security incident investigations end-to-end, including evidence preservation, forensic artefact collection, timeline reconstruction, root cause analysis, and executive-level incident reports for incidents classified at CERT-In severity “High” and above.

• Own the detection engineering lifecycle: design, test, tune, and deprecate detection content (SIEM correlation rules, SOAR playbooks, UEBA models, NDR policies, deception lure configurations, ASM discovery rules) against measurable precision/recall targets.

• Mentor L1/L2 analysts and conduct structured skill-building for them through weekly case reviews, tabletop exercises, and purple team simulations, ensuring the team maintains current knowledge of the threat landscape, zero-day disclosures, and India-specific threat actor TTPs.

• Produce weekly and monthly threat intelligence briefs for CISO/leadership; maintain threat actor profiles relevant to the organisation’s sector; coordinate with CERT-In, NCIIPC, and sector-specific ISACs for intelligence sharing.

Source: BeBee