InfoSec L2 SOC SME EDR
Hyderabad, India
Zoetis
Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.
POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.
Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.
At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.
The Information Security Strategy & Risk Management team at Zoetis ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen Zoetis' security posture, including protecting sensitive data, identifying and mitigating cyber threats, and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security, and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.
The Sr. SOC Analyst (EDR SME) will work closely with onshore security teams to support, enhance, and mature endpoint detection and response capabilities across Zoetis. This role will focus on ensuring the reliability, accuracy, and effectiveness of CrowdStrike EDR detections, policies, and response actions, proactively identifying gaps in endpoint visibility and detection coverage. The Sr. SOC Analyst will also contribute to tuning existing detections, investigating suspicious activity, and enabling advanced response capabilities to meet evolving threat landscapes and business needs. Through strong collaboration and deep subject matter expertise, this position will play a critical role in strengthening the SOC’s ability to detect, investigate, and respond to endpoint-based threats.
POSITION RESPONSIBILITIES
• Partner with onshore security teams to operationalize, maintain, and enhance endpoint detection and response capabilities using CrowdStrike EDR.
• Optimize the performance, reliability, and effectiveness of endpoint detections, response actions, and policy configurations to ensure comprehensive threat coverage.
• Identify opportunities for improving endpoint visibility and detection by analyzing current workflows, detection logic, and endpoint behaviors across the environment.
• Support the continuous tuning and refinement of CrowdStrike detection rules, custom IOAs, and event correlation strategies to reduce false positives and improve alert fidelity.
• Collaborate across multiple Information Security functions, including Security Operations, Threat Intelligence, Vulnerability Management, and Incident Response, to align on endpoint-focused detection strategies.
• Monitor the effectiveness of EDR detections, prevention policies, and response workflows, and provide recommendations for continuous improvement.
• Assist in the deployment and configuration of CrowdStrike sensors across endpoints, ensuring proper coverage, policy enforcement, and telemetry ingestion.
• Provide technical expertise and guidance to both onshore and offshore teams to support incident investigations, containment actions, and root cause analysis tied to endpoint threats.
• Contribute to the development and maintenance of documentation, playbooks, and standard operating procedures for endpoint monitoring, response, and threat containment.
• Stay up to date with emerging endpoint threats, attacker tradecraft, and CrowdStrike platform capabilities to proactively improve detection and response posture.
ORGANIZATIONAL RELATIONSHIPS
• Collaborates closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, and Security Awareness.
• Works with cross-functional teams such as Infrastructure, Application Development, and Cloud Engineering to ensure seamless integration and operation of security tools.
• Partners with Identity and Access Management teams to implement and maintain secure access controls.
• Engages with external vendors and service providers to evaluate and integrate third-party security solutions.
• Coordinates with internal stakeholders to align security initiatives with business objectives and compliance requirements.
EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science or Information Systems is required
• An MS, advanced identity courses, or other applicable certifications are desirable, including
o Certified Information Systems Security Professional (CISSP)
• Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred
Experience:
• A minimum of 6+ years of relevant experience with a strong background in security operations, CrowdStrike EDR, threat intelligence and security engineering.
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Demonstrated ability to work within diverse technical teams.
TECHNICAL SKILLS REQUIREMENTS
• Strong knowledge of security tools and technologies, such as CrowdStrike EDR, SIEM, Threat Intelligence, and detection engineering.
• Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash to streamline security processes.
• Experience with cloud security tools and platforms (e.g., AWS, Azure, GCP) and securing cloud-native environments.
• Solid understanding of network security concepts, including firewalls, IDS/IPS, VPNs, and zero-trust architectures.
• Familiarity with identity and access management (IAM) solutions, such as Azure AD, Secret Server, and Sailpoint.
• Knowledge of threat detection, incident response, and vulnerability management processes and tools.
• Experience with container security and DevSecOps practices.
• Strong understanding of encryption technologies, key management, and secure coding practices.
• Ability to analyze and interpret security data to identify trends, vulnerabilities, and potential threats.
• Familiarity with regulatory requirements and compliance standards (e.g., GDPR, HIPAA, PCI DSS).
• Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.
PHYSICAL POSITION REQUIREMENTS
Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)