Security Operation Centre L1

Job Summary

The SOC L1 Analyst is the first line of defense in cybersecurity operations. They are responsible for monitoring, detecting, and logging potential threats using security tools and alerting systems. The L1 Analyst performs initial triage and escalation of suspicious activity to higher levels.

Key Responsibilities

• Monitor SIEM (Security Information & Event Management) tools for alerts and anomalies.
• Perform initial investigation and triage on security events.
• Escalate confirmed or critical incidents to SOC L2.
• Document incidents in ticketing systems (e.g., ServiceNow, JIRA).
• Maintain logs and daily reports for incident trends.
• Monitor firewalls, IDS/IPS, EDR, and antivirus systems for suspicious behavior.
• Assist in phishing investigations and malware alert review.
• Follow standard incident response playbooks.
• Participate in shift-based 24/7 monitoring.

Skills & Knowledge

• Understanding of networking fundamentals (TCP/IP, DNS, ports, protocols).
• Basic knowledge of Windows/Linux systems and security logs.
• Familiarity with SIEM tools (e.g., Splunk, QRadar, Azure Sentinel).
• Strong analytical and documentation skills.
• Ability to work under pressure and escalate issues promptly.

Education & Certifications

• Diploma/Bachelor’s in Cybersecurity, IT, or Computer Science.
• Preferred: CompTIA Security+, EC-Council CSA, Microsoft SC-900 / SC-200, Cisco CyberOps Associate.
• 3 years of experience in cybersecurity or IT monitoring.

Job Type: Full-time

Ability to commute/relocate:

• Muscat: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

• what is your monthly current salary?
• what is your monthly expected salary?
• what is your notice period?

Education:

• Bachelor's (Required)

Experience:

• Security Operation Centre L1: 3 years (Required)