Saviynt is an identity authority platform built to power and protect the world at work. In a world of digital transformation, where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress, Saviynt’s Enterprise Identity Cloud gives customers unparalleled visibility, control and intelligence to better defend against threats while empowering users with right-time, right-level access to the digital technologies and tools they need to do their best work.
We are building a next-generation Security Operations Center (SOC) designed for the cloud-first era. We are moving beyond traditional reactive methods to build an intelligent, automated SOC that leverages deep cloud security expertise to stop advanced threats.
We are seeking a motivated and detail-oriented L2 SOC Analyst to be a core member of our 24/7 operations team. This role is for a hands-on analyst who excels at investigating complex alerts, using automation to accelerate response, and is passionate about cloud security. You will be the primary line of in-depth analysis, working to validate, investigate, and contain threats as they are escalated from L1.
Please note: This is a 24/7 operational role. The SOC team works in three rotating shifts (morning, afternoon, and night) to ensure continuous monitoring and response.
WHAT YOU WILL BE DOING

Incident Triage & Investigation
- Serve as the primary escalation point for alerts triaged by L1 analysts and automated systems.
- Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, cloud-native tools) to validate threats and determine their scope.
- Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity.
- Perform deep-dive analysis of logs, network packets, and endpoint data to identify indicators of compromise (IOCs).

Incident Response & Automation
- Execute and tune automated response playbooks using our SOAR platform for common security incidents.
- Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
- Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment.
- Document all investigation steps, findings, and containment actions in our incident management system.

Threat Hunting & Cloud Monitoring
- Participate in "guided" threat hunting campaigns based on new threat intelligence or hypotheses developed by senior analysts.
- Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail, Cloudflare, Azure, etc.).
- Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts.

Continuous Improvement & Collaboration
- Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
- Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
- Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.

What You Bring
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
- 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
- Cloud Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP).
- Technical Expertise: Strong, hands-on experience with SIEM (e.g., Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
- Automation Familiarity: Experience using a SOAR platform and familiarity with scripting (Python preferred) for basic automation or analysis tasks.
- Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.

Why Join Us
- Be at the forefront of a modern, cloud-focused Security Operations Center.
- Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies.
- A clear career path for growth into L3, threat hunting, or automation engineering roles.
- Collaborate with world-class security and engineering leaders in a high-impact, operational role.