SOC Analyst L2

Introduction

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.

Your role and responsibilities

The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution.

• Good knowledge of SIEM, SIEM Architecture, SIEM health check.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Good verbal/written communication skills.
• Build of use case for the customer.
• Data archiving and backup and data purging configuration as per need and compliance.
• Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
• Helping L3 and L1 with required knowledge base details and basic documentations.
• Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• High ethics, ability to protect confidential information.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
• Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Ready to work on 24/7 shifts to support client requirement.

Required education

Bachelor's Degree

Preferred education

Bachelor's Degree

Required technical and professional expertise

• 2 Years of Experience in SOC monitoring and investigation.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Build of use case for the customer.
• Data archiving and backup and data purging configuration as per need and compliance.
• Helping L3 and L1's with required knowledge base details and basic documentations.
• Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
• Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Building Parser for the SIEM using regex.

Preferred technical and professional experience

• Escalation point for L1's and SOC Monitor team.
• Ability to drive call and summarizing it post discussion.
• Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD).
• Deep understanding on Windows, DB, Mail cluster, VM and Linux commands.
• Knowledge of network protocols TCP/IP and ports.
• Team Spirit and working ideas heading to resolution of issues.
• Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred.
• Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred.
• SOC Senior Analyst experience with multiple customers.

ABOUT BUSINESS UNIT

IBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.

YOUR LIFE @ IBM

In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.

Are you ready to be an IBMer?

ABOUT IBM

IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

IBM is proud to be an equal-opportunity employer. All qualifiedapplicants will receive consideration for employment without regard to race,color, religion, sex, gender, gender identity or expression, sexualorientation, national origin, caste, genetics, pregnancy, disability,neurodivergence, age, veteran status, or other characteristics. IBM is alsocommitted to compliance with all fair employment practices regardingcitizenship and immigration status.

OTHER RELEVANT JOB DETAILS

When applying to jobs of your interest, we recommend that you do so for those that match your experience and expertise. Our recruiters advise that you apply to not more than 3 roles in a year for the best candidate experience. For additional information about location requirements, please discuss with the recruiter following submission of your application.

Client-provided location(s): Chennai, India

Job ID: IBM-48170

Employment Type: OTHER

Posted: 2025-07-23T11:46:08