SOC Analyst

About Gurucul

Gurucul is a cybersecurity analytics company delivering Next-Gen SIEM, UEBA, Insider Risk Management, and identity/threat detection solutions. We help enterprises reduce noise, detect threats faster, and improve security outcomes using advanced analytics and AI.

Role Summary

The Security Operations Center (SOC) Analyst monitors, analyzes, and responds to cybersecurity threats using SIEM and UEBA platforms to protect organizational systems and data. This role focuses on identifying suspicious activity, investigating security alerts, and supporting incident response while collaborating with detection engineers and IT teams to refine detection rules and reduce false positives.

The analyst also conducts proactive threat hunting, analyzes behavioral anomalies, and helps develop new detection use cases aligned with the MITRE ATT&CK framework. Additionally, the role supports SIEM/UEBA platform health, validates log ingestion and data quality, and produces reports on threat trends, detection effectiveness, and SOC performance for leadership and compliance needs.

Key Responsibilities

SIEM & UEBA Monitoring and Detection

  • Continuously monitor SIEM and UEBA platforms to identify suspicious activity, anomalous behavior, and potential security incidents.
  • Validate SIEM parsing, enrichment, and data integrity for all onboarded log sources to ensure accurate detection and correlation.
  • Analyze UEBA alerts, validate behavior baselines, and identify false positives due to noisy models or poor-quality input data.

Fine-Tuning Alerts, Models & Detections

  • Investigate recurring noisy alerts and work with detection engineers to fine-tune correlation rules, anomaly models, and behavioral detections.
  • Adjust thresholds, baselines, entity profiles, and detection logic to reduce false positives and increase true positive accuracy.
  • Perform regular health checks on detection rules and UEBA behavior models.

Incident Investigation & Response

  • Triage, analyze, and respond to security alerts following established incident response procedures.
  • Document incident details accurately and coordinate with IT and business stakeholders for resolution.
  • Support forensic analysis, log review, and data recovery activities as required.

Threat Hunting & Analytics Improvement

  • Conduct targeted threat-hunting missions based on TTPs, threat intel, and suspicious activity identified from SIEM/UEBA.
  • Investigate deviations from behavior baselines, unusual entity activity, and privilege misuse patterns.
  • Create hunting queries, improve detections, and feed findings into new or refined use cases.

Use Case Development & Continuous Improvement

  • Recommend new detection use cases based on threat landscape, business risks, and log source capabilities.
  • Collaborate with engineering teams to implement new rules, dashboards, and analytics in SIEM/UEBA.
  • Track detection coverage, identify gaps, and ensure alignment with MITRE ATT&CK and regulatory requirements.

Reporting & Executive Insights

  • Create executive reports summarizing incident trends, threat patterns, detection effectiveness, and SOC performance.
  • Present KPI dashboards on alert volumes, model performance, use-case coverage, and risk insights.
  • Support compliance reporting and audit requirements with SIEM/UEBA-driven evidence.

Security Operations Support

  • Perform daily monitoring tasks, operational validation, and routine system checks to ensure SIEM/UEBA health.
  • Conduct vulnerability and risk assessments, tracking remediation actions with relevant teams.
  • Follow departmental policies and SOPs to maintain consistent, controlled operations.

Required Qualifications

  • Bachelor’s degree in Technology / Engineering or equivalent.
  • Working knowledge of SIEM, UEBA, SOC processes, and incident handling.
  • Understanding of security controls, network fundamentals, IAM, endpoint security, and common attack techniques.

Preferred Qualifications (Nice-to-Have)

  • Certifications such as: Security+, CEH, GCIA, GSEC, Splunk Core User/Power User, Azure/AWS security certs, or equivalent.

Experience

2-6 Years

Location

Pune, India

To apply:

Please send resumes to jobs@gurucul.com for consideration.