Squad Operations Senior Associate (TDR, IAM, VM, SecOps)

The Cybersecurity L2 Analyst acts as an advanced technical contributor responsible for incident investigation platform operations vulnerability analysis IAM operations and cross-tower support across TDR IAM VM and SecOps. This role performs deeper analysis than L1 handles escalationsoptimizesdetection logic drives improvements and ensures operational excellence. The L2 Analyst collaborates with L3 engineering teams platform teams and client stakeholders to ensure a stable resilient and effective cybersecurity environment.

• Share and collaborate effectively with others creating a positive team spirit.

• Identify and make suggestions for improvements when problems and/or opportunities arise.

• Validate data and analysis for accuracy and relevance.

• Follow risk management and compliance procedures.

• Keepup to datewith developments in your area of specialty.

• Communicate confidently in a clear concise and articulate manner - verbally and in written form.

• Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients.

• Uphold the firms code of ethics and business conduct.

Required Skills & Qualifications

• 36 years of relevant experience in SOC VM IAM or SecOps operations.

• Strong hands-on experience withSIEM EDR VM tools IAM platformsNetworkSecurity tools likeWeb Email gateway DLPand ITSM systems.

• Proficient in creating detection logic correlation rules and performing threat analysis.

• Solid understanding ofnetworking OS security identity governance and vulnerability assessment methodologies.

• Strong communication documentation and analytical skills.

• Bachelors degree in Cybersecurity Computer Science Engineering or related field.

Preferred Skills

• Experience with scripting (Python PowerShell Bash).

• Knowledge of cloud platforms (Azure/AWS/GCP).

• Understanding of MITRE ATT&CK vulnerability scoring threat intelligence.

• Security certifications such as Security CEH AZ-900 ITIL& other relevant skill certifications.

Key Responsibilities:

Security Monitoring & Incident Response

• Monitor SIEM EDR and threat intel dashboards for advanced threat patterns.

• Conduct deep-dive investigations into suspicious activity and escalate to L3 as needed.

• Execute containment eradication and remediation actions on confirmed incidents (where preapproved).

• Perform advanced alert tuning write detection logic correlation rules and enrichment logic.

• Document investigation steps timelines actions taken conclusions and lessons learned.

Vulnerability Management & Risk Analysis

• Perform daily health checks on scanners credential states asset discovery and SLA breach monitoring.

• Run and analyze network container cloud agent-based and web-app scans.

• Maintain credential hygiene tag governance and asset deduplication.

• Validate false positives categorize exceptions and assign remediation tasks.

• Configure RBVM systems with threat-feed weighting MITRE ATT&CK mapping and crown-jewel tagging.

• Manage and document exception workflow review compensating controls evidence validation and SLA adjustments.

IAM Operations (L2 Level)

• Perform manual provisioning into enterprise applications (AD SAP JDE Oracle).

• Managecertificatelifecycle activities ensuring renewals before expiry.

• Execute SOP-driven IAM workflows for PAM IGA and Access Management.

• Validate IAM tickets for completeness risk and compliance beforeescalating.

• Provide evidence for audits related to provisioning/deprovisioning.

Operational Reporting & SLA Governance

• Produceweekly and monthly operational metrics SLA reports and deviation analysis.

• Identifyoutliers noise patterns abnormalities and propose tuning or process enhancements.

Application & System Maintenance (TDR IAM VM SecOps)

• Perform routine platform health checks backup verification scheduled job validation and ensure system stability.

• Validate multi-source log ingestion troubleshoot ingestion failures and coordinate with platform teams for fixes.

• Handle break-fix scenarios analyze root causes and implement corrective actions.

• Manage user administration for security tools (access roles entitlements).

Ticketing Queue Management & Workflow Assurance

• Oversee remediation ticket queues ensuringageingtickets are escalated or followed up appropriately& the mailbox for the inbound mails.

• Validate support requests (false positives exceptions reassignments) before escalating to L3.

Documentation Knowledge Management & Training

• Maintain detailed documentation of daily operations incident logs troubleshooting steps configuration changes and platform updates.

• Create and update SOPs runbooks playbooks training documents and knowledge articles.

• Provide training and knowledge transfer to L1 analysts and new joiners.

Continuous Improvement & Automation

• Identifyopportunities for automation using SOAR scriptingAIor workflow tools.

• Participate inPolicytuning and optimization of tools across SOC IAM VM and SecOps.

Compliance & Governance Support

• Assistinmaintainingcompliance with standards such as ISO 27001 SOC2 NIST GDPR.

• Support audit readiness through artifact preparation andevidencemaintenance.

Cross-Team Collaboration

• Work with cybersecurity architects platform engineers and client SMEs to address systemic issues.

• Participatein war rooms incident post-mortems and Root cause analysisdiscussions.

Customer Communication

• Providetimelyupdates to clients on investigations remediation progress and ticket status.

• Participate in operational review meetings to present operational insights.