SOC L2 Analyst — Wazuh & Threat Detection
Early SOC Hire • Bengaluru, Karnataka • Full Time
Department: Security Operations Center (SOC)
Reports To: Founder & CEO
Experience: 2–4 Years in Security Operations / SOC
Location: Bengaluru (On-site, Whitefield office)
Shift: Rotational (24×7 SOC coverage — day/night shifts)
Salary Range: ~₹6 – ₹8 LPA (Salary will be based on skills, fit and experience)
Notice Period: Immediate to 30 days preferred
About DigiFortex Technologies
DigiFortex is a CERT-In empanelled and CREST accredited cybersecurity firm headquartered in Bengaluru, with presence across 170+ countries. We serve Fortune 500 companies, Government of India ministries, BFSI institutions, and global enterprises across VAPT, GRC, vCISO, and NextGen SOC services. Our team holds 17 US patents including 4 in Cybersecurity and has been recognized by the Government of Karnataka as an emerging cybersecurity startup.
We are strengthening our SOC practice. You will have direct visibility to the CEO, shape the SOC processes, and grow as the practice scales.
Role Overview
As an early SOC hire at DigiFortex, you will be the anchor of our 24×7 Security Operations Center. You will deploy, manage, and tune our Wazuh-based SIEM environment, triage and investigate security alerts, handle incident response for client environments, and deliver clear, actionable reports. You will work closely with the founding team and directly shape how our SOC service is built and delivered.
Key Responsibilities
SIEM & Wazuh Operations
• Deploy and configure Wazuh agents across client environments (Linux & Windows)
• Write and tune custom Wazuh detection rules (XML) to reduce false positives
• Configure decoders for non-standard log sources
• Build and maintain OpenSearch/Kibana dashboards for client-facing visibility
• Manage Wazuh manager health, indexer performance, and agent connectivity
• Own the integration of Wazuh with other security tools
Alert Triage & Incident Response
• Monitor security alerts across all client environments — 24×7 on shift rotation
• Perform Level 1 and Level 2 investigation of alerts; escalate critical incidents
• Correlate alerts to identify attack patterns using MITRE ATT&CK framework
• Investigate Windows Event Logs, firewall logs, DNS logs, and endpoint activity
• Contain and remediate incidents in coordination with client IT teams
Threat Intelligence & Hunting
• Enrich alerts using threat intel sources — VirusTotal, AbuseIPDB, Shodan, MISP
• Proactively hunt for indicators of compromise (IOCs) across client environments
• Track emerging CVEs and ensure detection coverage is updated
Reporting & Client Communication
• Prepare daily/weekly security summary reports for clients
• Write clear, client-readable incident reports — technical detail for IT, executive summary for CISOs
• Participate in monthly review calls with clients
• Document SOC runbooks, playbooks, and procedures
SOC Process Building (Role Responsibility)
• Help define alert triage workflows, escalation procedures, and SLA tracking
• Evaluate and integrate complementary tools — TheHive, Shuffle SOAR, MISP
• Train and mentor L1 analysts (freshers) joining the team
Required Skills & Proficiency
Skill Area: What We Expect (Priority)
Linux Administration: CLI proficiency — logs, grep, awk, systemctl, file navigation (Must Have)
Wazuh SIEM: Agent deployment, rule writing (XML), decoder config, dashboard creation (Must Have)
Windows Security: Event Log IDs (4624, 4625, 4648, 4688, 4698), AD attack patterns (Must Have)
Networking: TCP/IP, OSI, reading firewall/DNS/DHCP logs for anomalies (Must Have)
MITRE ATT&CK: Know 20+ techniques; map alerts to tactics and techniques (Must Have)
Incident Documentation: Write client-readable reports with executive summaries (Must Have)
Threat Intel Tools: VirusTotal, AbuseIPDB, Shodan, MISP — enrichment workflow (Strong Plus)
SOAR / Automation: Shuffle, TheHive, or any case management/automation tool (Strong Plus)
Python / Bash: Scripting for alert enrichment, log parsing, automation (Strong Plus)
Cloud Log Sources: AWS CloudTrail, Azure Activity Logs, M365 Defender logs (Good to Have)
Alternate SIEMs: Splunk, ELK, QRadar — transferable knowledge (Good to Have)
Certifications: CEH, Security+, OSCP — signals initiative, not mastery (Good to Have)
What We Are Really Looking For
Certifications matter less than hands-on instinct. We will assess you on real scenarios, not theory. The ideal candidate:
• Investigates first, panics never — stays calm and methodical during incidents
• Thinks like an attacker — understands the ‘why’ behind alerts, not just the ‘what’
• Communicates clearly — can explain a critical incident to a non-technical CFO in plain English
• Owns their shift — no alert goes unexamined, no SLA is missed without escalation
• Builds, doesn’t just operate — proactively improves runbooks, rules, and processes
• Is hungry to grow — this is a founding role; we reward performance fast
How We Will Assess You
We do not rely on theoretical interviews. Expect the following:
• Round 1 — Practical Scenario Test:
◦ “A Windows host generates Event ID 4648 at 2am from an unusual process. Walk us through your full investigation.”
◦ “You see 500 failed SSH attempts followed by one success. What are your next 5 actions?”
• Round 2 — Wazuh Rule Writing:
◦ Write a rule to detect a new local administrator account creation on Windows
◦ Explain how you would reduce false positives for a noisy authentication rule
• Round 3 — Log Analysis Exercise:
◦ Review a sample log file and identify anomalies
◦ Map findings to MITRE ATT&CK tactics
• Round 4 — Report Writing Sample:
◦ Write a 1-page incident summary from a given scenario — for both a technical audience and a C-suite audience
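As an added illustration of what Round 2 asks for (this is example content, not part of DigiFortex's posting or its ruleset), the rules below would go in the manager's local_rules.xml. They detect a new local account (Event ID 4720) and a member being added to the local Administrators group (Event ID 4732), and a child rule shows the tuning pattern for a known false-positive source, the same pattern that applies to a noisy authentication rule. Assumptions: Wazuh 4.x Windows eventchannel field names (win.system.eventID, win.eventdata.*), the stock parent rule 60004 for the Security channel, custom rule IDs in the 100000+ range, and svc_provisioning as a constructed placeholder for an approved provisioning account.

```xml
<!-- Added example for /var/ossec/etc/rules/local_rules.xml (not DigiFortex's ruleset).
     Assumptions: Wazuh 4.x eventchannel fields (win.system.eventID, win.eventdata.*),
     stock parent rule 60004 (Windows Security channel); verify it in
     /var/ossec/ruleset/rules/0575-win-base_rules.xml on your manager.
     svc_provisioning is a constructed placeholder account name. -->
<group name="windows,local_rules,account_management,">

  <!-- 4720: a user account was created on the host. -->
  <rule id="100100" level="8">
    <if_sid>60004</if_sid>
    <field name="win.system.eventID">^4720$</field>
    <description>Windows: local account $(win.eventdata.targetUserName) created by $(win.eventdata.subjectUserName)</description>
    <mitre>
      <id>T1136.001</id>
    </mitre>
  </rule>

  <!-- 4732: a member was added to a security-enabled local group.
       The group is matched by its well-known SID S-1-5-32-544 (BUILTIN\Administrators)
       rather than by name, so the rule also works on localized Windows builds. -->
  <rule id="100101" level="12">
    <if_sid>60004</if_sid>
    <field name="win.system.eventID">^4732$</field>
    <field name="win.eventdata.targetSid">^S-1-5-32-544$</field>
    <description>Windows: $(win.eventdata.memberSid) added to local Administrators by $(win.eventdata.subjectUserName)</description>
    <mitre>
      <id>T1098</id>
    </mitre>
  </rule>

  <!-- False-positive tuning: a more specific child rule wins over its parent, so
       additions performed by the approved provisioning account are downgraded to
       informational (level 3) instead of being silenced outright. The same
       parent/child pattern reduces noise from a chatty authentication rule. -->
  <rule id="100102" level="3">
    <if_sid>100101</if_sid>
    <field name="win.eventdata.subjectUserName">^svc_provisioning$</field>
    <description>Windows: Administrators membership change by approved provisioning account $(win.eventdata.subjectUserName)</description>
  </rule>

</group>
```

Before restarting the manager (systemctl restart wazuh-manager), paste a sample 4732 event into /var/ossec/bin/wazuh-logtest and confirm that rule 100101 fires for an ordinary user and that rule 100102 fires instead when subjectUserName is the provisioning account; downgrading rather than dropping the event keeps it available for hunting and client reporting.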
Compensation & Growth
Fixed CTC: ~₹6 – ₹8 LPA (Salary will be based on skill, experience and fitment)
Variable: Performance bonus linked to SOC SLA metrics and client satisfaction
Review Cycle: 6-month review given the growth stage of the practice
Growth Path: SOC L2 → SOC Lead → SOC Manager as the team scales
Exposure: Direct access to Founder & CEO; shape the SOC from the ground up
Client Portfolio: Govt of India ministries, Fortune 500, BFSI, Global enterprises
Certifications: Company-sponsored up-skilling for relevant certifications
Why Join DigiFortex SOC
• As an early employee, your work directly shapes a practice at a CERT-In + CREST firm
• Work on real Government, BFSI, and enterprise environments — not simulations
• Gain exposure to the full security stack: VAPT, GRC, DFIR, Cloud Security alongside SOC
• Fast-track growth — we promote on merit, not tenure
• Be part of a team with 17 US patents and clients across 170+ countries
How to Apply
Send your resume and a brief note (max 200 words) on a real incident you have investigated or a CTF/home lab challenge you are proud of, to:
Email: careers@digifortex.com
Subject Line: SOC L2 Application — [Your Name]
Website: www.digifortex.com
Note: We shortlist based on the quality of your incident note, not just your resume.
A candidate with a well-described home lab or CTF story will rank above a certificate holder with no hands-on context.
