
Security Operations Engineer / Senior Security Analyst

Requirements

  • 5+ years of experience in cybersecurity operations or incident response
  • Hands-on experience with EDR platforms (CrowdStrike preferred)
  • Experience investigating identity-based threats within Microsoft Entra ID / Microsoft 365 (phishing, credential theft, MFA bypass)
  • Experience with SIEM or log analysis platforms and familiarity with network security concepts and secure access technologies

Roles & Responsibilities

  • Monitor and investigate security alerts across enterprise platforms (e.g., CrowdStrike Falcon, Tanium, Zscaler ZIA/ZPA, Microsoft Entra ID/Microsoft 365); correlate events and threat hunt; develop and tune detection rules for credential compromise, anomalous authentication, suspicious email activity, lateral movement, and data exfiltration
  • Lead technical investigations of suspected security incidents (compromised accounts, malware/endpoint compromise, phishing or business email compromise, suspicious network activity); conduct root cause analysis and document incident timelines; coordinate containment and remediation with IT and external security partners
  • Manage Identity and Access Security by monitoring authentication activity in Entra ID and Microsoft 365; investigate suspicious logins, MFA anomalies, and token abuse; assist with Conditional Access policies and identity protection controls
  • Security Tooling, Detection Engineering, and Automation: maintain and optimize security platforms (CrowdStrike, Tanium, Zscaler); develop alerting rules, investigation queries, and automated response playbooks; collaborate with external SOC providers to improve alert fidelity and reduce false positives; produce security visibility reports and present findings to IT leadership

Job description

Role: Security Operations Engineer / Senior Security Analyst
Position Type: Full-Time Contract (40hrs/week)
Contract Duration: 6-months+
Work Hours: Overlap with CST
Work Schedule: 8 hours/day (Mon-Fri)
Location: 100% Remote (Candidates can work from anywhere in India)

Position Overview

We are seeking a Security Operations Engineer / Senior Security Analyst to strengthen the company's cybersecurity posture and lead technical security investigations across our enterprise environment.

This role will be responsible for detecting, investigating, and responding to security incidents across identity, endpoint, network, and cloud platforms, while partnering closely with IT infrastructure and external security providers. The position plays a critical role in protecting business operations, improving security visibility, and establishing scalable detection and response capabilities.

The ideal candidate is a hands-on security practitioner with experience in incident response, threat detection, identity security, and modern security tooling.

Key Responsibilities

Security Monitoring & Threat Detection

  • Monitor and investigate security alerts across enterprise security platforms including:
    • CrowdStrike Falcon / Falcon Complete
    • Tanium
    • Zscaler (ZIA / ZPA) / Palo Alto Prisma
    • Microsoft Entra ID / Microsoft 365
  • Correlate security events across identity, endpoint, and network telemetry to identify potential threats.
  • Perform proactive threat hunting across enterprise logs and security platforms.
  • Develop and tune detection rules to identify suspicious behavior such as:
    • credential compromise
    • impossible travel / anomalous authentication
    • suspicious email activity
    • lateral movement
    • data exfiltration attempts

Incident Response & Investigation

  • Lead technical investigations into suspected security incidents including:
    • compromised accounts
    • malware or endpoint compromise
    • phishing or business email compromise
    • suspicious network activity
  • Conduct root cause analysis and document incident timelines.
  • Coordinate containment and remediation actions with internal IT teams and external security partners.
  • Improve investigation workflows and documentation for repeatable response procedures.

Identity & Access Security

  • Monitor authentication activity within Microsoft Entra ID and Microsoft 365.
  • Investigate suspicious logins, MFA anomalies, and token abuse.
  • Help implement and improve Conditional Access policies and identity protection controls.
  • Identify and mitigate risks related to:
    • legacy authentication
    • OAuth consent abuse
    • credential theft
    • MFA bypass techniques

Email & Phishing Security

  • Investigate suspicious email activity and phishing incidents in partnership with email security platforms.
  • Collaborate with security tools such as Abnormal Security and Microsoft security tooling to improve phishing detection and response.
  • Build detection processes for Business Email Compromise (BEC) scenarios.

Security Tooling & Architecture

Maintain and optimize enterprise security platforms including:

Endpoint & Device Security

  • CrowdStrike Falcon
  • Tanium

Network & Cloud Security

  • Zscaler ZIA / ZPA
  • Palo Alto Networks security platform (future roadmap)

Identity Security

  • Microsoft Entra ID
  • Microsoft 365 security capabilities
  • Assist with the future rollout and operationalization of:
    • Palo Alto Prisma Access
    • Palo Alto advanced threat protection capabilities

Security Automation & Detection Engineering

  • Improve detection coverage by developing:
    • alerting rules
    • investigation queries
    • automated response playbooks
  • Partner with external SOC providers to enhance alert fidelity and reduce false positives.

Security Visibility & Reporting

  • Produce clear security reports summarizing:
    • security incidents
    • threat trends
    • detection gaps
    • remediation actions
  • Present findings to IT leadership to support ongoing improvements in security posture.

Required Qualifications

  • 5+ years of experience in cybersecurity operations or incident response
  • Hands-on experience with EDR platforms (CrowdStrike preferred)
  • Experience investigating identity-based threats within Microsoft Entra ID / Microsoft 365
    • Strong understanding of:
      • phishing and business email compromise
      • credential theft techniques
      • MFA bypass methods
      • identity-based attacks
  • Experience working with SIEM or log analysis platforms
  • Familiarity with network security concepts and secure access technologies

Preferred Qualifications

  • Experience with Tanium
  • Experience with Zscaler ZIA / ZPA
  • Experience with Palo Alto Networks security platforms
  • Knowledge of cloud security concepts in Azure environments
  • Experience working with managed security providers or SOC teams

Key Skills

  • Incident Response
  • Threat Hunting
  • Identity Security
  • Endpoint Detection & Response
  • Log Analysis
  • Security Investigation
  • Security Tool Integration
  • Root Cause Analysis
