Experience: 5 to 8 years
Location: Bangalore
Shift Type: Rotational Shift
About ColorTokens
ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats. Our flagship product, Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay "breach ready."
With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.
ColorTokens' cloud-delivered platform streamlines onboarding and reduces maintenance costs for organizations. Providing pervasive protection, the platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.
The company's recognition as a Strong Performer in the Forrester New Wave™: Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.
Our culture
We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.
Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world’s most impactful organizations – be it a children’s hospital, a city, or the defense department of an entire country.
Learn more at www.colortokens.com.
Role Overview
ColorTokens is looking for a skilled and detail-oriented Senior Security Analyst (L2) to support security operations within our Managed Security Operations Center (SOC). This role focuses on investigating security alerts, handling medium-to-high severity incidents, and supporting threat detection and response efforts. You will act as a key escalation point for L1 analysts while collaborating with senior team members on advanced investigations and response activities. The ideal candidate possesses deep technical expertise in cybersecurity, excellent analytical skills, and a strong understanding of modern attack techniques across IT and OT environments.
Key Responsibilities
- Investigate and respond to medium and high-severity security alerts and incidents across customer environments.
- Perform initial and intermediate forensic analysis on endpoints, network traffic, logs, and cloud platforms.
- Analyze and correlate security data from multiple sources such as SIEM, EDR, NDR, and threat intelligence feeds.
- Act as an escalation point for L1 (Tier 1) analysts for validated alerts and suspicious activities.
- Assist in proactive threat hunting based on known indicators of compromise (IOCs) and basic TTP patterns.
- Support the development and tuning of detection rules, SIEM use cases, and alerting mechanisms.
- Execute and follow incident response playbooks; provide feedback for continuous improvement.
- Document investigation findings, incident timelines, and remediation steps clearly and accurately.
- Participate in incident response activities and support post-incident analysis under guidance from senior analysts.
- Collaborate with internal teams (threat intelligence, engineering, and customer success) for incident resolution.
- Contribute to knowledge sharing and assist in mentoring junior analysts when needed.
Required Skills & Qualifications
- 5-8 years of experience in SOC operations, threat detection, incident response, or cybersecurity monitoring.
- Good understanding of common attack techniques, threat vectors, and basic MITRE ATT&CK framework mapping.
- Hands-on experience analyzing logs from SIEM, EDR, firewalls, and cloud platforms, for example:
  - SIEM: Splunk, Microsoft Sentinel, QRadar
  - EDR/XDR: CrowdStrike, Microsoft Defender for Endpoint, SentinelOne
  - NDR tools (Vectra, Darktrace, ExtraHop): basic exposure is a plus
  - SOAR platforms (preferred but not mandatory): XSOAR, Splunk SOAR, Tines
- Working knowledge of Windows, Linux systems, and network fundamentals (TCP/IP, DNS, HTTP/S)
- Basic scripting or query skills (KQL, Python, Bash, or PowerShell)
- Understanding of cloud environments (Azure/AWS) fundamentals
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
One or more advanced certifications preferred:
- GIAC (GCIA, GCIH, GCFA, GNFA)
- OSCP / OSEP
- SC-200 / AZ-500 / CISSP
- GICSP (for OT/ICS experience)
Preferred Qualifications
- Strong problem-solving skills under pressure.
- Excellent written and verbal communication (for RCA reports, executive briefings).
- Ability to lead customer-facing incident response calls and postmortems.
- Passion for staying current with threat landscape and evolving technologies.
- Team player with mentoring mindset.
What We Offer
- Work on a cutting-edge cybersecurity product in a fast-paced startup environment.
- Collaborate with a world-class team of engineers and security experts.
- Opportunity to learn, grow, and make a real impact from day one.