Roles & Responsibilities
We are seeking a proactive and analytical Level 1 SOC Analyst to join our 24/7 Security Operations Center. You will play a critical role in detecting and responding to cybersecurity threats across our digital infrastructure. As the first line of defense, you will monitor security alerts, conduct initial investigations, and escalate confirmed incidents to senior analysts.
Key Responsibilities:
- Monitor security alerts via SIEM/XDR tools (e.g., Splunk, Microsoft Sentinel, QRadar) for threats across networks, endpoints, and cloud environments.
- Analyze logs from firewalls, IDS/IPS, EDR, and other security solutions to identify suspicious or malicious behavior.
- Perform triage, classification, and initial investigation of events such as malware infections, phishing attempts, and DDoS attacks.
- Execute predefined incident response playbooks, including host isolation, IP blocking, and alert validation.
- Escalate verified incidents to L2/L3 teams with thorough documentation and supporting evidence.
- Apply threat intelligence (e.g., MITRE ATT&CK framework) to enrich and contextualize alerts.
- Monitor dark web and threat intelligence feeds for indicators of compromise (IoCs) relevant to the business.
- Maintain accurate incident records in ticketing systems such as ServiceNow or Jira, documenting timelines, actions, and outcomes.
- Generate daily shift handover reports summarizing threat activity, false positives, and system performance.
- Participate in tuning SIEM correlation rules and detection use cases to reduce false positives.
- Validate and review configuration settings of security tools (e.g., firewall rules, EDR policies) for compliance and effectiveness.
Required Qualifications & Skills:
- Diploma or Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 1+ year experience in cybersecurity monitoring or 2+ years in IT/networking with security exposure.
- Familiarity with SIEM/XDR tools such as Splunk, Microsoft Sentinel, QRadar, etc.
- Hands-on experience with EDR, IDS/IPS, firewalls, and email security solutions.
- Understanding of Windows and Linux security logs and analysis techniques.
- Strong knowledge of network protocols (TCP/IP, DNS, VPN, HTTP/S).
- Awareness of common cyberattack vectors (e.g., phishing, malware, brute force).
- Foundational understanding of cloud security principles (AWS, Azure, or GCP).
- Industry certifications such as CompTIA Security+, CySA+, CEH, or equivalent.
- Vendor-specific certifications (e.g., Splunk Core User, Microsoft SC-200) are an advantage.
Additional Information:
- Must be willing to work rotational 24/7 shifts, including weekends and public holidays.
