SOC Analyst

Job Summary:

We are looking for a proactive and detail-oriented SOC Analyst to join our Security Operations Center (SOC) team. As a SOC Analyst, you will be responsible for the initial monitoring, detection, and triage of security incidents and alerts. This role focuses on identifying potential threats, escalating incidents when necessary, and ensuring that all activities are logged and followed up in a timely manner.

Key Responsibilities:

1. Continuously monitor security alerts and events from various security tools, including SIEM (Security Information and Event Management), firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and more.

2. Perform initial triage of security alerts to identify potential threats or suspicious activity.

3. Analyze logs and security data to validate and classify security incidents.

4. Prioritize incidents based on severity and impact, ensuring high-priority threats are promptly addressed.

5. Document incidents and create tickets for further analysis or escalation to higher-level analysts if necessary.

6. Respond to basic security incidents, such as malware infections, unauthorized access attempts, or phishing emails.

7. Escalate complex or critical incidents to Level 2 or Senior SOC analysts for further investigation and response.

8. Follow established procedures and playbooks to ensure consistent and efficient handling of incidents.

9. Provide detailed and accurate incident reports and documentation for escalation and later analysis.

10. Assist in the configuration and tuning of security tools, ensuring they are correctly identifying potential threats and minimizing false positives.

11. Collaborate with other members of the SOC team and internal stakeholders (e.g., IT, network, and incident response teams) to ensure timely and accurate handling of security incidents.

Preferred Qualifications:

· Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

· Minimum of 1-3 years of experience in a Security Operations Center (SOC) or similar security environment, with a focus on Level 1 support or incident response.

· Basic understanding of cybersecurity principles, threat detection, and incident response.

· Familiarity with security technologies such as SIEM, firewalls, IDS/IPS, endpoint detection, and antivirus software.

· Knowledge of networking protocols (e.g., TCP/IP, HTTP, DNS) and basic system administration.

· Ability to follow defined procedures and document incidents accurately.

· Strong attention to detail and analytical skills.

· Strong communication skills, both written and verbal.

· Ability to prioritize tasks effectively, especially during high-pressure situations.

· Willingness to work in a 24/7 shift environment.

Preferred Skills:

· Experience with or knowledge of SIEM platforms.

· Familiarity with common attack vectors (e.g., phishing, malware, DDoS, etc.).

· Basic knowledge of incident response procedures and security frameworks.

· Experience with ticketing systems for incident management.

· Familiarity with automation and scripting tools (e.g., PowerShell, Python, Bash) is a plus.

· Problem-solving abilities and critical thinking under pressure.

· Ability to work in a fast-paced environment while maintaining focus on critical tasks.

Job Type: Full-time