Cybersecurity Senior SOC Analyst
IT
Mumbai, Maharashtra, India
Reporting To:
Associate Manager, SOCShift:
APAC (7:00 am - 4:00 pm IST) (India)About Russell Investments, Mumbai:
Russell Investments is a leading outsourced financial partner and global investment solutions firm providing a wide range of investment capabilities to institutional investors, financial intermediaries, and individual investors around the world. Building on an 90-year legacy of continuous innovation to deliver exceptional value to clients, Russell Investments works every day to improve the financial security of its clients. The firm is “Top 12 Ranked Consultant (2009-2024)” in P&I survey 2024 with $962 billion in assets under advisement (as of December 31, 2025) and $376.9 billion in assets under management (as of December 31, 2025) for clients in 30 countries. Headquartered in Seattle, Washington in the United States, Russell Investments has offices around the world, including London, New York, Toronto, Sydney, Tokyo, Shanghai – and has opened a new office in Mumbai, India in June 2023.
Joining the Mumbai office is an incredible opportunity to work closely with global stakeholders to support the technology and infrastructure that drives the investment and trading processes of a globally recognized asset management firm. Be part of the team based out of Goregaon (East) and contribute to the foundation and culture of the firm’s growing operations in India. The Mumbai office operates with varying shifts to accommodate time zones around the world.
For more information, please visit https://www.russellinvestments.com.
Job Description:
Minimum 5+ years of experience in Security Operations Center (SOC) or Cybersecurity Operations.
Monitor, triage, and investigate security alerts across SIEM, EDR, Email Security, DLP, Brand Protection, and other security platforms, ensuring timely identification and response to security incidents.
Perform advanced analysis of security events by correlating logs, alerts, endpoint telemetry, and threat intelligence to determine the scope, root cause, and business impact of incidents.
Lead incident response activities, including containment, eradication, recovery, forensic evidence collection, and post-incident reviews, in accordance with established playbooks and SLAs.
Investigate complex security incidents such as phishing, malware, insider threats, compromised accounts, data exfiltration, and advanced persistent threats (APTs), escalating when required.
Tune and optimize SIEM use cases, detection rules, EDR policies, and DLP controls to improve detection accuracy, reduce false positives, and enhance SOC effectiveness.
Support the onboarding, operationalization, and continuous improvement of new security technologies, ensuring monitoring use cases, documentation, and operational readiness are established.
Participate in proactive threat hunting activities using threat intelligence, behavioral analytics, and endpoint telemetry to identify emerging threats and improve detection coverage.
Develop, maintain, and enhance SOC playbooks, runbooks, investigation procedures, and knowledge articles to improve operational efficiency and consistency.
Mentor and provide technical guidance to junior SOC analysts, assisting with complex investigations, knowledge sharing, and skill development.
Collaborate with IT, Cloud, Infrastructure, Application, and Business teams to coordinate incident response, drive remediation efforts, and continuously improve the organization's security posture.
Candidate Requirements Due to the nature of 24x7 SOC monitoring requirements, this position requires, subject to compliance with applicable laws, occasional weekend work and alternate shifts as needed to ensure adequate coverage and meet the demands of our operations.
Role Requirement
Strong experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar).
Experience with Endpoint Detection & Response (e.g., Microsoft Defender for Endpoint, CrowdStrike, SentinelOne).
Experience investigating phishing, email threats, and Business Email Compromise.
Hands-on experience with Data Loss Prevention technologies.
Experience with Brand Protection platforms and external threat monitoring.
Understanding of Windows, Linux, Active Directory, Microsoft 365, Azure/AWS security fundamentals.
Knowledge of networking concepts, TCP/IP, DNS, HTTP/S, VPN, and firewalls.
Familiarity with MITRE ATT&CK, Cyber Kill Chain, and common attack techniques.
Familiarity with industry standards and frameworks, such as NIST Cybersecurity Framework and ISO 27001.