SOC L1 Analyst, Information Security at Saviynt – Bengaluru, Karnātaka

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the worlds leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.

We are building a next-generation Security Operations Center (SOC) designed for the cloud-first era. We are building an intelligent, automated SOC that combines deep cloud security expertise with robust automation to protect our organization from advanced threats.
We are seeking an enthusiastic and detail-oriented L1 SOC Analyst to join our 24/7 operations team as the first line of defense. This role is for a proactive individual who is passionate about cybersecurity and eager to learn. You will be responsible for monitoring our security platforms, performing initial analysis of alerts, and escalating potential threats to our L2/L3 analysts.
Please note: This is a 24/7 operational role. The SOC team works in three rotating shifts morning, afternoon, and night) to ensure continuous monitoring and response.

Real-Time Monitoring & Triage

Act as the first line of defense by continuously monitoring Jira tickets from security alerts on our SIEM, EDR, cloud, and email security platforms.
Perform initial triage of alerts to identify their priority, severity, and potential impact based on pre-defined criteria.
Follow documented Standard Operating Procedures (SOPs) to investigate, validate, and categorize alerts as true positives or false positives.

Alert Escalation & Documentation
Escalate all validated security incidents and potential threats to L2 Analysts for in-depth investigation and response.
Accurately and meticulously document all triage steps, findings, and communications in our incident management system/ticketing tool.
Assist in creating and updating basic reports on alert volumes and common incidents.

Using Automation & Security Tools

Utilize pre-built automation playbooks (SOAR) to enrich alerts with threat intelligence and contextual data to aid in triage.

Operate core security tools to gather initial data for investigations (e.g., check firewall logs, query EDR for process history, look up domain reputation).

Monitor cloud security dashboards (AWS, Azure) for high-priority alerts and common
misconfigurations, escalating as needed.

Collaboration & Shift Handovers

Communicate effectively with the team during shift handovers, ensuring a smooth transition of open alerts and ongoing issues.
Stay current with common attack vectors (e.g., phishing, malware) and basic threat intelligence.
Identify and report on security tool issues or alerts that are generating a high number of false positives.

Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience/certifications.
Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
0-2 years of experience in an IT, network operations, or security operations role.
Core Skills: Excellent attention to detail, strong analytical-thinking, and clear written and verbal communication skills.
Technical Fundamentals: A basic understanding of networking (TCP/IP), cloud security (AWS, Azure), AI and security fundamentals (malware, phishing, firewalls).
Cloud Familiarity: Familiarity with core cloud concepts (AWS, Azure, or GCP) is highly desirable.
Eagerness to Learn: A strong desire to learn and work with security automation (SOAR) platforms, SIEM, and EDR tools.
Preferred certifications: CompTIA Security+, Network+, or equivalent foundational
security certifications.

Be at the forefront of a modern, cloud-focused Security Operations Center.
Receive excellent training and mentorship to build a career in cybersecurity.
Gain foundational experience with cutting-edge cloud security, automation, and threat intelligence technologies.
A clear career path for growth into L2, L3, and other senior security roles.

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!