Principal Security Information Analyst

Principal Information Security Analyst (Tier 2)

As a Principal Information Security Analyst within Gen Digital’s global Security Operations Center (SOC), you will play a key role in strengthening threat detection and response across the organization.

The role focuses on improving SOC monitoring and detection processes through technical expertise, continuous development, and close collaboration with other security teams.  
 

In this position, you will serve as a senior specialist, leading automation and detection engineering efforts, mentoring junior analysts and contributing to projects that enhance security visibility and overall SOC performance. 

Operating in a follow-the-sun model, the SOC ensures 24/7 global coverage, with regional teams working during their respective business hours and sharing on-call responsibilities for weekend. 

Key Responsibilities:

• Monitor, analyze, and correlate security alerts and events across multiple platforms (SIEM, WAF, EDR, email, cloud, network, and threat intelligence tools) to identify and validate suspicious or malicious activity  
• Continuously develop and fine-tune detection rules, correlation searches, security policies, and dashboards to improve visibility, reduce false positives, and increase alert accuracy across security platforms  
• Support and mentor Tier 1 analysts in alert triage, escalation quality, and use of tools  
• Collaborate with security engineers on automation and enrichment initiatives to streamline operational workflows and improve detection efficiency  
• Maintain complete and up-to-date documentation for all detection use cases, workflows and process improvements  
• Participate in security projects and collaborate with internal stakeholders (e.g., Incident Response, Security Engineering, Application Security, and IT) to enhance detection coverage, visibility, and response capabilities  
• Support the execution of incident response playbooks  

Qualification and Work Experience:

• Bachelor's degree in IT or a related field.
• 3–5 years of hands-on experience in SOC operations, cybersecurity monitoring, or related areas such as detection engineering or threat analysis  
• Solid understanding of networking concepts (TCP/IP, DNS, HTTP/S) and how they apply to security monitoring and threat analysis  
• Strong knowledge of cybersecurity principles, common attack techniques, and threat types (e.g., phishing, malware, brute force, web application attacks)  
• Proven experience working with security logs, alerts, and structured data across multiple platforms (SIEM, EDR, WAF, cloud, and network telemetry)  
•  Hands-on experience with SIEM platforms - Splunk preferred - including detection content development, rule tuning, and dashboard creation  
• Familiarity with Web Application Firewall (WAF) technologies and the ability to analyze or tune related alerts and policies  
• Understanding of cloud security concepts and experience with monitoring tools for major providers (AWS, Azure, GCP)  
• Working knowledge of scripting or automation (e.g., Python, PowerShell, or API-based integrations) to support analysis and enrichment workflows  
• Experience using AI-based tools to support daily SOC operations, including data analysis, investigation, documentation, and collaboration  
• Strong analytical and problem-solving skills with attention to detail and curiosity for continuous learning  
• Effective communication and documentation skills in English, both written and verbal  
• Experience collaborating across teams (e.g., Security Engineering, Incident Response, Application Security) on detection improvements or automation projects  
• Prior experience in a Security Operations Center (SOC) or similar environment is highly preferred  
• Familiarity with the fintech environment or experience supporting financial services infrastructure is considered a strong advantage