L1 SOC Analyst - Splunk, SPL, CrowdStrike
Location: Hyderabad, Bangalore
Experience: 2 to 4 years
Duties and Responsibilities:
• Hands-on content (use case) development experience using SIEM query languages (Splunk SPL, Kusto Query Language).
• Experience with Splunk on-premises and Splunk Cloud.
• Strong understanding of security event logging, parsing, and correlation.
• Design and customize complex search queries; develop dashboards, data models, and reports; and optimize their performance.
• Understanding of the MITRE ATT&CK framework
• Experience working with other technical teams to improve the threat detections in deployed SIEMs.
• Monitor and analyze security alerts, incidents, and logs generated by the CrowdStrike Falcon EDR platform.
• Perform triage, investigation, and response to endpoint-related security incidents.
• Conduct threat hunting and proactive analysis to identify suspicious or malicious activity across endpoints.
• Strong knowledge of CrowdStrike Falcon (policies, detections, investigations, Real Time Response (RTR), dashboards).
• Experience in endpoint investigation and forensics (Windows, Linux, macOS).
• Familiarity with MITRE ATT&CK framework and common adversary tactics, techniques, and procedures (TTPs).
Desired Technical Skills
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 3+ years of relevant experience required.
• Splunk Enterprise Security Certified Admin is preferred; CISSP, CISM, or equivalent cybersecurity certifications are good to have.
• Experience with SIEM (Splunk), EDR (CrowdStrike), and other cybersecurity tools.
• Strong understanding of security operations concepts, including threat hunting, incident response, and malware analysis.
• Familiarity with query and scripting languages (Splunk SPL, Bash).
• Excellent analytical skills, with the ability to assess complex security issues and formulate effective solutions.