InfoSec L1 SOC Analyst

POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The Information Security Strategy & Risk Management team at Zoetis ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen Zoetis' security posture, including protecting sensitive data, identifying and mitigating cyber threats and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.

The SOC Analyst will work closely with onshore security teams to support day-to-day monitoring, triage and investigation of alerts across Zoetis. This role plays an essential part in ensuring the reliability and responsiveness of security operations, with a focus on accurate alert handling and continuous improvement in detection and response workflows.
The SOC Analyst will assist in the investigation of suspicious activity, escalation of potential incidents and documentation of response actions. This individual will gain hands-on experience with security technologies such as EDR, SIEM and threat intelligence tools while supporting ongoing tuning efforts and participating in post-incident reviews. Working as part of a global 24/7/365 team, the analyst will collaborate closely with peers and senior analysts to strengthen the SOC’s ability to detect, analyze and respond to cyber threats across the enterprise.

POSITION RESPONSIBILITIES   

 Percent of Time 
•    Partner with onshore SOC and incident response teams to triage, escalate and assist in the investigation of endpoint-related alerts using CrowdStrike EDR and SIEM.
•    Analyze and interpret SIEM detections and endpoint telemetry to understand alert context, assess severity and support appropriate response actions.
•    Contribute feedback on alert fidelity by documenting false positives, missed detections and behavioral anomalies encountered during investigations.
•    Support efforts to improve endpoint visibility by assisting with sensor health checks, basic policy verification and telemetry validation activities.
•    Participate in investigations of suspicious activity by gathering relevant data from EDR, SIEM and threat intelligence sources to aid in root cause analysis.
•    Collaborate with senior analysts and cross-functional teams such as Threat Intel, Vulnerability Management, OT and Incident Response to contextualize alerts and broaden investigative scope.
•    Assist in reviewing and updating incident response playbooks and SOPs to ensure alignment with current tools and team workflows.
•    Follow established escalation procedures, documenting investigative steps clearly and contributing to knowledge sharing within the team.
•    Help monitor the effectiveness of detections and response actions by tracking alert trends and contributing to internal metrics and reporting.
•    Stay informed on emerging threats, attacker behaviors and security platform updates to continue building knowledge and improving investigation skills.    100%

ORGANIZATIONAL RELATIONSHIPS
•    Collaborates closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, Operational Technology (OT), IDAM, Cloud Security and Security Awareness.
•    Works with cross-functional teams such as Infrastructure, Application Development and Cloud Engineering to ensure seamless integration and operation of security tools.
•    Partners with Identity and Access Management teams to implement and maintain secure access controls.
•    Engages with external vendors and service providers to evaluate and integrate third-party security solutions.
•    Coordinates with internal stakeholders to align security initiatives with business objectives and compliance requirements.

EDUCATION AND EXPERIENCE 

Education:
•    University Degree in Computer Science or Information Systems is required 
•    MS or advanced identity courses or other applicable certifications is desirable, including
o    Certified Information Systems Security Professional (CISSP) 
•    Relevant certifications in infrastructure security and vulnerability management, such as SANS GCIH, Offensive Security Certified Professional (OSCP) are highly preferred.

Experience:
•    A minimum of 4+ years of relevant experience with a strong background in security operations, CrowdStrike EDR, threat intelligence and security engineering. 
•    1+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
•    Experience working with global teams across multiple time zones.
•    Demonstrated ability to work within diverse technical teams.

TECHNICAL SKILLS REQUIREMENTS

•    Working knowledge of security technologies such as EDR (CrowdStrike), SIEM platforms and basic exposure to threat intelligence and detection concepts.
•    Basic familiarity with scripting or automation using Python, PowerShell, or Bash to support investigation workflows and alert enrichment.
•    Exposure to cloud platforms (AWS, Azure, GCP) and a general understanding of cloud security fundamentals relevant to monitoring and response.
•    Foundational understanding of network security principles, including firewalls, IDS/IPS, VPNs and modern access models like zero-trust.
•    Experience working with or exposure to identity and access management (IAM) solutions such as Azure AD, Secret Server, or SailPoint in a security operations context.
•    Understanding of core incident response processes, basic threat detection workflows and the role of vulnerability management in SOC operations.
•    Awareness of encryption technologies, secure communication protocols and security best practices relevant to threat detection.
•    Strong analytical thinking and the ability to interpret alert data, logs and telemetry to identify unusual patterns or behaviors.
•    Familiarity with security compliance standards (e.g., GDPR, HIPAA, PCI DSS) and how they relate to incident documentation and escalation.
•    Clear and professional communication skills, with the ability to document investigations and contribute effectively within a global security team.

PHYSICAL POSITION REQUIREMENTS
•    Flexibility to participate in a rotating shift schedule that includes day shifts, night shifts, and overnight shifts to support 24x7 operations. Flexibility to provide off-hours escalation support for high-priority incidents (P1, P2) as needed.