L1 SOC Analyst

The L1 SOC Analyst serves as the first line of defense within the Security Operations Center, responsible for monitoring, triaging, and escalating security alerts in accordance with defined procedures and SLAs. The role focuses on initial alert investigation, incident logging, and ensuring accurate and timely escalation to higher-tier analysts when required.

Responsibility:

• Serve as the first SOC tier to monitor and triage security alerts.
• Ensure threat alerts are contextually analyzed and escalated to the next SOC tier when deeper analysis is required.
• Provide feedback and comments on relevant data quality and visibility issues.
• Monitor and report on the health of the data collection and log ingestion pipelines.
• Log security incidents accurately and ensure adequate information is available for L2/L3 analysts.
• Generate and distribute scheduled and ad-hoc SOC reports.
• Operate independently to investigate and escalate alerts in line with operational requirements and SLA commitments.
• Adhere to SOC processes, playbooks, and incident handling procedures.

• Excellent communication skills
• Excellent problem-solving skills.
• Ability to support and balance own time among multiple tasks, and lead junior staff when required
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Excellent command of English

• Ability to work independently and as part of a team

Previous hands-on experience with SIEM technologies (e.g., QRadar, Splunk, LogRhythm, Elastic SIEM).
Good knowledge of operating systems, primarily Windows and Linux.
Good understanding of networking protocols, concepts, and technologies.
Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related field, or equivalent practical experience.
Security certifications such as Security+, GSEC, CEH, or similar are a plus.
Experience in programming or scripting (e.g., Python, PERL, Java, Shell, PowerShell).
Previous experience working as a systems or network administrator.
Experience configuring or supporting network security solutions (e.g., SIEM, firewalls, IDS/IPS).
Exposure to incident response and digital forensics activities.
Previous experience as a penetration tester is an added advantage.

Bachelor’s in computer science, Digital Forensics, Engineering, other related field, or equivalent