Senior / Lead SOC Analyst (IGT1 Lanka: Sitecore)
Colombo, WP, Sri Lanka
IFS
Company Description
About IGT1 Lanka
IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by three of the world’s leading private equity firms: EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.
At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.
With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.
Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.
About the client: Sitecore
Sitecore delivers a composable digital experience platform that empowers the world’s smartest and largest brands to build lifelong relationships with their customers. A highly decorated industry leader, Sitecore is the leading company bringing together content, commerce, and data into one connected platform that delivers millions of digital experiences every day. Thousands of blue-chip companies including American Express, Porsche, Starbucks, L’Oréal, and Volvo Cars rely on Sitecore to provide more engaging, personalized experiences for their customers.
Job Description
About the role:
Sitecore is looking for a dedicated and detail-oriented Senior / Lead Security Analyst with strong knowledge of Security Operations Center (SOC) functions to support our global cybersecurity operations. Based in Sri Lanka and working in the U.S. time zone, the Security Analyst will play a critical role in daily SOC activities, including incident triage, investigation, escalation, and reporting.
This position will support our 24x7x365 SOC operations and will involve rotational weekend coverage. The ideal candidate has experience working with SIEM platforms such as Microsoft Sentinel and collaborating with Managed Security Service Providers (MSSPs), and a strong understanding of threat detection and incident response processes.
Key Responsibilities
SOC Operations & Incident Management
- Monitor and respond in real time to alerts generated by SIEM and other security platforms.
- Triage and investigate potential security incidents, escalating as needed per incident response procedures.
- Collaborate with the MSSP to ensure timely and accurate incident detection, analysis, and response.
- Document and track incidents from detection through resolution, including post-incident analysis and reporting.
- Develop and deploy automated security playbooks to improve incident response efficiency.
Threat Detection & Reporting
- Analyze log data and threat intelligence to identify patterns and potential indicators of compromise (IOCs).
- Produce clear, concise, and timely reports on incidents, trends, and operational metrics.
- Participate in daily SOC operations meetings and provide updates on ongoing investigations.
- Develop and implement security detection rules and correlation use cases to enhance threat visibility.
- Conduct proactive threat hunting using SIEM and EDR tools to identify potential security incidents.
Collaboration & Escalation
- Work closely with internal teams (IT, Product, R&D, GRC) to escalate and resolve security issues.
- Ensure all incidents are properly documented and communicated to stakeholders based on severity.
Tool Management & MSSP Coordination
- Utilize and support SIEM tools like Microsoft Sentinel for detection, correlation, and analysis.
- Work directly with MSSPs to monitor service levels, investigate escalated events, and continuously improve operations.
- Provide feedback and work with the Security Manager to refine SOC processes and improve incident response maturity.
Shift & Weekend Coverage
- Work hours aligned to U.S. Central or Eastern time zones.
- Participate in a rotational weekend schedule to support 24x7x365 SOC coverage.
- Be available for urgent escalations and high-priority incidents during assigned shifts.
- May involve occasional after-hours support for critical security incidents.
Qualifications
Preferred Skills and Experience:
- 3–5 years of experience in a SOC, incident response, or cybersecurity operations role.
- Hands-on experience with SIEM tools, preferably Microsoft Sentinel.
- Familiarity with working alongside MSSPs in a 24x7 monitoring model.
- Strong understanding of incident response lifecycle, threat hunting, and alert triage.
- Strong analytical skills for proactive threat detection.
- Hands-on experience in developing and deploying automated security response playbooks.
- Hands-on experience in cloud environments (Azure and AWS).
- Good knowledge of network security, log analysis, and common attack techniques.
- Strong communication skills and ability to write clear incident reports and documentation.
- Security certifications such as CySA+, CEH, GCIH, CISSP, or similar are a plus.
- Ability to work independently, manage time across shifts, and prioritize tasks effectively.
Perks/benefits: Team events