L2 SOC Analyst at Saviynt

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com. What You Will Be Doing Incident Triage & Investigation ● Serve as the primary escalation point for alerts triaged by L1 analysts. ● Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, Cloud-native tools) to validate threats and determine their scope. ● Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity. ● Perform deep-dive analysis of logs, kubernetes containers, and endpoint data to identify indicators of compromise (IOCs). Incident Response & Automation ● Execute and tune automated response playbooks using our SOAR platform for common security incidents. ● Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts. ● Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment. ● Document all investigation steps, findings, and containment actions in our incident management system. Threat Hunting & Cloud Monitoring ● Participate in hypothesis based threat hunting campaigns based on new threat intelligence or hypotheses developed by senior analysts. ● Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail,Cloudflare, Azure,etc.) and kubernetes containers. ● Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts. Continuous Improvement & Collaboration ● Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes. ● Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks. ● Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis. What You Bring ● Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience. ● Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night). ● 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities. ● Cloud & Container Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP); fundamental knowledge on container security ● Technical Expertise: Strong, hands-on experience with SIEM (e.g., CrowdStrike, Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms. ● AI/Automation Familiarity: Experience using a SOAR platform and familiarity with AI tools and their practical implementation. ● Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis. Why Join Us ● Be at the forefront of a modern, cloud-focused Security Operations Center. ● Gain deep, hands-on experience with cutting-edge cloud security, automation, and threat intelligence technologies. ● A clear career path for growth into L3, threat hunting, or automation engineering roles. ● Collaborate with world-class security and engineering leaders in a high-impact, operational role. If required for this role, you will: - Complete security & privacy literacy and awareness training during onboarding and annually thereafter - Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): > Data Classification, Retention & Handling Policy > Incident Response Policy/Procedures > Business Continuity/Disaster Recovery Policy/Procedures > Mobile Device Policy > Account Management Policy > Access Control Policy > Personnel Security Policy > Privacy Policy Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us! Saviynt is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.