Lead - SOC Analyst
Chennai, India
Freshworks
Boost efficiency and engagement with Freshworks. Our easy-to-use, AI-powered business software helps support and sales teams to delight customers.
Company Description
Organizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives, to create a better experience for their customers and employees, and to help them grow. Software is a choice that can make or break a business: it can create better or worse experiences, and propel or throttle growth. Business software has become a blocker instead of a way to get work done.
There’s another option. Freshworks. With a fresh vision for how the world works.
At Freshworks, we build uncomplicated service software that delivers exceptional customer and employee experiences. Our enterprise-grade solutions are powerful, yet easy to use, and quick to deliver results. Our people-first approach to AI eliminates friction, making employees more effective and organizations more productive. Over 72,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks’ customer experience (CX) and employee experience (EX) software to fuel customer loyalty and service efficiency. And, over 4,500 Freshworks employees make this possible, all around the world.
Fresh vision. Real impact. Come build it with us.
Job Description
We are seeking an experienced and proactive Lead SOC Analyst to join our Security Operations Center team. The ideal candidate will bring deep expertise in SIEM and EDR technologies, strong incident analysis capabilities, and hands-on experience in automating incident response using SOAR platforms, particularly Palo Alto Cortex XSOAR. This role involves leading investigations, refining detection and response processes, and mentoring junior analysts.
Key Responsibilities:
- Lead and manage security incident investigations, ensuring timely containment, eradication, and recovery.
- Administer and fine-tune SIEM (e.g., Splunk, QRadar, Sentinel) and EDR platforms (e.g., CrowdStrike, SentinelOne, Carbon Black).
- Analyze and triage alerts from multiple sources, correlating events to detect threats and breaches.
- Design, develop, and maintain automated playbooks using Cortex XSOAR (Demisto) to streamline response workflows.
- Create and update runbooks, documentation, and reporting metrics for incident response activities.
- Provide technical guidance and mentorship to SOC analysts.
- Conduct regular threat hunting to proactively identify potential compromises.
- Recommend improvements in security posture based on incident patterns and root cause analysis.
Qualifications:
- 5-7 years of hands-on experience in a Security Operations Center environment.
- 1-2 years of experience in Cortex XSOAR (or equivalent) playbook development and SOAR automation.
- Strong knowledge of SIEM and EDR platforms, their configuration, log ingestion, tuning, and administration.
- Proficiency in analyzing Windows/Linux/Mac/Cloud logs, network traffic, and endpoint telemetry.
- Solid understanding of attack vectors, malware behavior, threat actors, and the MITRE ATT&CK framework.
- Experience with scripting languages (e.g., Python, Bash) for automation and enrichment tasks.
Preferred Qualifications:
- Certifications such as GCIA, GCIH, CEH, CISSP, CySA+, or equivalent.
- Experience with threat hunting tools and methodologies.
- Knowledge of cloud-native security monitoring (AWS, Azure, GCP).
Soft Skills:
- Excellent communication and documentation skills.
- Strong analytical thinking and problem-solving abilities.
- Ability to prioritize tasks under pressure and handle escalations effectively.
- Leadership and mentoring capability in a fast-paced SOC environment.
Additional Information
At Freshworks, we are creating a global workplace that enables everyone to find their true potential, purpose, and passion irrespective of their background, gender, race, sexual orientation, religion and ethnicity. We are committed to providing equal opportunity for all and believe that diversity in the workplace creates a more vibrant, richer work environment that advances the goals of our employees, communities and the business.