SOC Lead Analyst at Saviynt – Bengaluru, Karnātaka
Saviynt
Bengaluru, Karnātaka, 560023, India
About This Position
SOC Lead Analyst
Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world's leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.
We are building a next-generation Security Operations Center (SOC) designed for the cloud-first era. We believe that effective security operations must evolve beyond traditional reactive methods. We are building an intelligent, automated SOC that combines deep cloud security expertise with robust automation to predict, prevent, and neutralize advanced threats faster than ever.
We are seeking an L3 SOC Analyst - Cloud & Automation to serve as a senior technical expert and escalation point within our SOC. This role is for a hands-on-keyboard expert who thrives on hunting for advanced threats, automating responses, and mentoring junior analysts. You will be a key player in handling complex incidents, particularly those involving cloud environments, and will be responsible for building and tuning the automation that allows our team to scale.
What You Will Be Doing
Advanced Threat Response & Escalation
Serve as the final technical escalation point for complex security incidents escalated from L1/L2 analysts.
Conduct in-depth forensic analysis of compromised systems, Kubernetes containers, malware, and network traffic to determine the full scope of an incident (root cause, impact, remediation).
Lead the response to high-severity security incidents, especially those originating in or targeting our cloud infrastructure (AWS, Azure).
Analyze and correlate data from diverse sources (e.g., SIEM, EDR, CSPM, cloud-native logs) to uncover sophisticated attack patterns.
Security Automation & Orchestration
Design, build, and maintain automated response playbooks in our SOAR platform to handle high-volume alerts and repetitive tasks.
Develop and maintain custom AI agents to automate evidence collection, alert enrichment, and containment actions.
Integrate security tools (EDR, SIEM, Cloud Security tools) via APIs to create seamless, automated workflows.
Continuously identify and implement new automation opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
Proactive Threat Hunting & Cloud Security
Proactively hunt for undetected threats across our enterprise and cloud environments using hypothesis-driven and intelligence-driven methods.
Act as a Subject Matter Expert (SME) for cloud security monitoring, using cloud-native tools such as AWS GuardDuty and CloudTrail alongside third-party platforms such as CrowdStrike and Proofpoint.
Develop and tune advanced detection rules, SIEM correlation searches, and EDR queries based on new threat intelligence, hunting findings, and MITRE ATT&CK tactics.
Mentorship & Continuous Improvement
Mentor and provide technical guidance to L1 and L2 analysts, helping to build their analytical and technical skills.
Create and refine SOC documentation, including standard operating procedures (SOPs), runbooks, and incident response plans.
Analyze incident trends and automation metrics to provide recommendations for improving security posture, detection logic, and playbook effectiveness.
What You Bring
Bachelor's degree in Computer Science, Information Security, or a related field.
6-10 years of experience in a Security Operations (SOC) environment, with at least 4 years in a senior analyst, threat hunter, or L2/L3 role.
Strong Cloud Security Skills: Deep, hands-on experience with security monitoring and incident response in at least one major cloud provider (AWS, Azure, or GCP).
Strong Automation & AI Skills: Proven ability to write automation scripts and to implement AI-based automations for SOC use cases.
Technical Expertise: Hands-on experience with SOAR platforms (e.g., CrowdStrike Fusion, Splunk SOAR) and SIEMs (e.g., Splunk, QRadar, CrowdStrike Falcon).
Deep understanding of modern EDR solutions, container security, and host/system.
Expert-level knowledge of the MITRE ATT&CK framework and its application to threat hunting and detection engineering.
Why Join Us
Be at the forefront of a modern, cloud-focused Security Operations Center.
Drive the automation strategy that defines how our SOC operates and scales.
Work with cutting-edge cloud-native security, automation, and threat intelligence technologies.
Collaborate with world-class security and engineering leaders in a high-impact, hands-on role.
If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business Continuity/Disaster Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.