Security Analyst II

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About The Role

We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.

Key Responsibilities

• Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.
• Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions.
• Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.
• Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.
• Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.
• Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.
• SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.
• Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.
• Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies.
  
  

Basic Qualifications

• B.E/B. Tech degree in computer science, Information Technology, Masters in Cybersecurity
• 3+ years of experience in a SOC or cybersecurity operations role.
• Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
• Hands-on experience in threat detection, security monitoring, and incident response.
• Knowledge of network security, intrusion detection, malware analysis, and forensics.
• Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).
• Proficiency in Python scripting for automation and playbook development.
• Good understanding of MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.
• Strong analytical, problem-solving, and communication skills.
• Ability to work in a 24x7 SOC environment (if applicable)
  
  

Preferred Qualifications

• Certified SOC Analyst (CSA)
• Certified Incident Handler (GCIH, ECIH)
• Splunk Certified Admin / QRadar Certified Analyst
• CompTIA Security+ / CEH / CISSP (preferred but not mandatory
  
  

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.