Qureos


Cybersecurity Analyst (Tier 1 / SOC Analyst)

About the role
Entry-level SOC analyst role responsible for 24/7 monitoring, initial triage, and escalation of security alerts using modern detection and response tools.

Key responsibilities

  • Monitor alerts from SIEM, EDR, IDS/IPS, firewalls, cloud security tools, and other telemetry.
  • Triage and enrich security events: validate alerts, assess severity, and gather contextual data.
  • Escalate confirmed incidents to Tier 2 / Incident Response with evidence and recommended actions.
  • Execute playbooks and runbooks for common detections (malware, suspicious logins, lateral movement, data exfiltration).
  • Investigate logs, network flows, endpoint telemetry, and cloud activity to determine scope and impact.
  • Perform basic forensic collection and preserve artifacts per procedures.
  • Maintain accurate incident records in the ticketing/incident management system.
  • Ingest and apply threat intelligence: map IOCs, update watchlists, and tune detections.
  • Collaborate with IT Ops, Platform, and DevOps teams to remediate vulnerabilities and misconfigurations.
  • Participate in shift rotations for 24/7 SOC coverage and produce handover briefings.
  • Contribute to continuous improvement: refine playbooks, reduce false positives, and document lessons learned.
  • Adhere to security policies, compliance requirements, and data handling procedures.
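The monitoring, triage/enrichment, escalation and record-keeping bullets above describe one workflow. The following is an added illustration of that workflow in Python, not code from Qureos or from any of the tools named in this posting. The alert format, the IOC watchlist, the asset inventory, the internal address ranges, the scoring weights and the escalation threshold are all constructed assumptions for the example; a real SOC would take them from its SIEM, TI platform and CMDB.

```python
"""Tier 1 alert triage and enrichment, as an added example (not Qureos code).

Constructed assumptions:
- Alerts are dicts with id, rule, src_ip, user, host and optional failed_logins.
- IOC_WATCHLIST, ASSET_CRITICALITY and INTERNAL_NETS stand in for a TI feed,
  an asset inventory and the corporate address plan.
- Scoring weights and the escalation threshold are hypothetical.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed threat-intel watchlist: IOC address -> (feed name, confidence 0-100)
IOC_WATCHLIST = {
    "198.51.100.23": ("feed-A", 90),
    "203.0.113.7": ("feed-B", 60),
}

# Constructed asset inventory: hostname -> criticality tier
ASSET_CRITICALITY = {"dc01": "high", "fin-srv-02": "high", "wkst-117": "low"}

# Constructed corporate address ranges; anything else is treated as external
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Triage:
    alert_id: str
    severity: str
    score: int
    escalate: bool
    evidence: list = field(default_factory=list)  # what goes in the ticket


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def enrich(alert: dict) -> dict:
    """Attach IOC match, asset criticality and traffic direction to the raw alert."""
    ctx = dict(alert)
    ctx["ioc"] = IOC_WATCHLIST.get(alert["src_ip"])
    ctx["asset_tier"] = ASSET_CRITICALITY.get(alert["host"], "unknown")
    ctx["external_src"] = not is_internal(alert["src_ip"])
    return ctx


def score(ctx: dict) -> int:
    """Hypothetical additive risk score over the enriched context."""
    s = 0
    if ctx["ioc"]:
        s += ctx["ioc"][1]                       # weight by feed confidence
    if ctx["asset_tier"] == "high":
        s += 30                                  # crown-jewel target
    if ctx["external_src"] and ctx["rule"] in {"rdp-login", "ssh-login"}:
        s += 20                                  # remote access from outside
    if ctx.get("failed_logins", 0) >= 10:
        s += 15                                  # brute-force pattern
    return s


def triage(alert: dict, escalate_at: int = 70) -> Triage:
    """Validate, enrich, score and decide whether to hand the alert to Tier 2."""
    ctx = enrich(alert)
    s = score(ctx)
    sev = ("critical" if s >= 100 else "high" if s >= escalate_at
           else "medium" if s >= 40 else "low")
    evidence = []
    if ctx["ioc"]:
        evidence.append(f"src_ip {ctx['src_ip']} on {ctx['ioc'][0]} "
                        f"(confidence {ctx['ioc'][1]})")
    if ctx["asset_tier"] == "high":
        evidence.append(f"host {ctx['host']} is a high-criticality asset")
    if ctx["external_src"]:
        evidence.append("source address is outside corporate ranges")
    return Triage(alert["id"], sev, s, s >= escalate_at, evidence)


def prioritize(alerts: list) -> list:
    """Work the queue highest score first, as a shift handover list."""
    return sorted((triage(a) for a in alerts), key=lambda t: t.score, reverse=True)


# Constructed sample alerts (not real telemetry)
SAMPLE_ALERTS = [
    {"id": "A-1", "rule": "rdp-login", "src_ip": "198.51.100.23",
     "user": "svc_backup", "host": "dc01", "failed_logins": 12},
    {"id": "A-2", "rule": "rdp-login", "src_ip": "10.20.30.40",
     "user": "jdoe", "host": "wkst-117", "failed_logins": 1},
    {"id": "A-3", "rule": "dns-query", "src_ip": "203.0.113.7",
     "user": "-", "host": "fin-srv-02"},
]

if __name__ == "__main__":
    for t in prioritize(SAMPLE_ALERTS):
        print(t.alert_id, t.severity, t.score, "ESCALATE" if t.escalate else "close/monitor")
        for line in t.evidence:
            print("   -", line)
```

The point of the example is the shape of the work, not the numbers: every escalation carries the evidence that justified it, the watchlist lookup is the cheapest enrichment and runs first, and an internal-only low-tier alert with no IOC hit scores zero so the analyst's time goes to A-1 and A-3.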

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, IT, or equivalent; or relevant certifications/experience.
  • 0–2 years in security monitoring, IT support, or network/endpoint administration.
  • Familiarity with SIEM (Splunk, Microsoft Sentinel, Elastic, or similar) and EDR (CrowdStrike, SentinelOne, Carbon Black, etc.).
  • Basic understanding of network protocols (TCP/IP, DNS, HTTP/S), host OS internals (Windows/Linux), and log analysis.
  • Knowledge of security concepts: authentication, IAM, encryption, malware types, and attack techniques (MITRE ATT&CK desirable).
  • Comfortable with command-line tools, basic scripting (Python, PowerShell, or Bash), and query languages (KQL, SPL, Elastic DSL).
  • Strong analytical skills, attention to detail, and ability to work under pressure.
  • Good communication skills in English; Arabic is a plus.
  • Willingness to work shifts (including nights) and participate in on-call rotations.

Preferred (not required)

  • Certifications: CompTIA Security+, CySA+, CEH, or SOC-specific credentials.
  • Experience with cloud security monitoring (AWS/Azure/GCP) and cloud-native logging.
  • Familiarity with SOAR platforms (Cortex XSOAR, Splunk SOAR) and threat intelligence tools.
  • Prior exposure to incident response, malware analysis, or digital forensics.

What we offer

  • Competitive Oman-market salary and benefits.
  • Training, mentorship, and certification support.
  • Career progression to Tier 2/Incident Responder, Threat Hunter, or SOC Engineer roles.
  • Modern tools and a collaborative SOC environment with hybrid work options.

Job Type: Full-time

Pay: RO19.000 - RO30.000 per hour

Expected hours: 40 per week

Work Location: On the road
