InfoSec L2 SOC Analyst

POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The Information Security Strategy & Risk Management team at Zoetis ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen Zoetis' security posture, including protecting sensitive data, identifying and mitigating cyber threats and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.

The Senior SOC Analyst will work closely with onshore security teams to support, investigate and respond to alerts across Zoetis. This role is focused on ensuring the reliability, accuracy and effectiveness of information security operations, with an emphasis on continuous improvement of detection and response capabilities. The Senior SOC Analyst will proactively identify gaps in endpoint visibility, detection coverage and alert fidelity and work to address them through technical tuning and deeper investigation.
In this role, the Senior SOC Analyst will contribute to the tuning of existing detections, the investigation of suspicious activity and the enablement of advanced response capabilities aligned with the evolving threat landscape and business needs. This individual will also serve as a technical leader within the SOC, collaborating closely with peers, mentoring junior analysts and driving improvements to processes and playbooks. Through strong collaboration and subject matter expertise, the analyst will play a key role in strengthening the SOC’s ability to detect, analyze and respond to cyber threats across the enterprise.

POSITION RESPONSIBILITIES
• Partner with onshore SOC and incident response teams to investigate, triage and respond to endpoint-related alerts using CrowdStrike EDR/SIEM.
• Analyze and interpret SIEM detections, including custom IOAs and event telemetry, to determine severity, scope and appropriate containment actions.
• Support the continuous tuning of detections by providing feedback on false positives, missed detections and behavioral patterns observed during investigations.
• Identify gaps in endpoint visibility and contribute to efforts aimed at improving sensor coverage, policy enforcement and telemetry quality across the environment.
• Perform deep-dive investigations on suspicious endpoint activity, leveraging threat intelligence, historical telemetry and correlated data from other security tools.
• Collaborate with Threat Intel, Vulnerability Management, Operational Technology (OT) and Incident Response teams to align on threat detection strategies and contextualize alerts with business impact.
• Assist in maintaining and improving incident response playbooks and SOPs related to endpoint threats, ensuring alignment with current tools and tactics.
• Act as a technical escalation point for junior analysts, offering guidance on investigative approaches, threat classification and containment procedures.
• Monitor and report on the effectiveness of SIEM/EDR detections, prevention rules and response workflows, with an eye toward continuous improvement.
• Stay current on emerging endpoint threats, attacker TTPs and updates to the CrowdStrike platform to ensure investigative techniques remain effective. 100%

ORGANIZATIONAL RELATIONSHIPS
• Collaborates closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, Operational Technology (OT), IDAM, Cloud Security and Security Awareness.
• Works with cross-functional teams such as Infrastructure, Application Development and Cloud Engineering to ensure seamless integration and operation of security tools.
• Partners with Identity and Access Management teams to implement and maintain secure access controls.
• Engages with external vendors and service providers to evaluate and integrate third-party security solutions.
• Coordinates with internal stakeholders to align security initiatives with business objectives and compliance requirements.

EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science or Information Systems is required
• MS or advanced identity courses or other applicable certifications is desirable, including
o Certified Information Systems Security Professional (CISSP)
• Relevant certifications in infrastructure security and vulnerability management, such as SANS GCIH and Offensive Security Certified Professional (OSCP) are highly preferred.

Experience:
• A minimum of 7+ years of relevant experience with a strong background in security operations, CrowdStrike EDR, threat intelligence and security engineering.
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Demonstrated ability to work within diverse technical teams.

TECHNICAL SKILLS REQUIREMENTS

• Strong working knowledge of security technologies including EDR (CrowdStrike), SIEM platforms, threat intelligence tools and detection engineering concepts.
• Hands-on experience with scripting or automation (Python, PowerShell, Bash) to streamline investigation workflows and enrich alerts.
• Familiarity with cloud platforms (AWS, Azure, GCP) and understanding of key cloud security concepts and controls relevant to threat detection and response.
• Solid grasp of core network security principles including firewalls, IDS/IPS, VPNs and zero-trust access models.
• Exposure to identity and access management (IAM) solutions such as Azure AD, Secret Server and SailPoint, especially in the context of incident investigations.
• Understanding of incident response processes, threat detection methodologies and vulnerability management workflows.
• Awareness of cryptographic concepts, key management practices and secure coding principles as they relate to threat analysis and risk assessment.
• Strong analytical skills with the ability to review and interpret large volumes of security data to detect patterns, anomalies and threats.
• Basic understanding of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI DSS) and their impact on security operations.
• Excellent verbal and written communication skills, with the ability to clearly articulate technical findings to both technical and non-technical stakeholders.

PHYSICAL POSITION REQUIREMENTS
• Flexibility to participate in a rotating shift schedule that includes day shifts, night shifts, and overnight shifts to support 24x7 operations. Flexibility to provide off-hours escalation support for high-priority incidents (P1, P2) as needed.