SOC L1 Analyst

The SOC L1 Analyst is responsible for continuous monitoring, detection, triage, and initial response to security incidents across enterprise systems. The analyst will work with SIEM and EDR tools such as IBM QRadar, Microsoft Sentinel, and CrowdStrike Falcon to identify and escalate potential threats, ensuring the organization’s information assets remain secure.

Key Responsibilities

  • Monitor and analyze security alerts from SIEM platforms (IBM QRadar, Microsoft Sentinel).
  • Review and investigate endpoint security alerts from CrowdStrike Falcon.
  • Perform initial triage of events, determine severity, and escalate to L2/L3 analysts when necessary.
  • Assist in incident response processes by providing detailed logs, findings, and evidence.
  • Maintain and update incident tickets in the SOC management system.
  • Conduct basic network traffic analysis, log correlation, and malware detection using SOC tools.
  • Follow standard operating procedures (SOPs) for incident handling.
  • Prepare daily/weekly security reports and contribute to SOC metrics.
  • Collaborate with IT, infrastructure, and application teams to validate or remediate alerts.

Required Skills & Tools

  • SIEM Tools: IBM QRadar, Microsoft Sentinel
  • EDR: CrowdStrike Falcon or equivalent
  • Operating Systems: Windows, Linux, macOS
  • Networking Concepts: TCP/IP, DNS, Firewalls, VPNs
  • Security Standards: ISO 27001, NIST, MITRE ATT&CK Framework
  • Ticketing Tools: ServiceNow, JIRA, or equivalent

Qualifications

  • Bachelor’s Degree in Computer Science, Information Security, or related field.
  • 1–2 years of experience in SOC operations or cybersecurity monitoring.
  • Relevant certifications preferred: CompTIA Security+, CEH, IBM QRadar Certified, CrowdStrike Certified Falcon Administrator (CCFA), or Microsoft SC-200.

Job Type: Full-time

Application Question(s):

  • Which SIEM platforms have you worked with?
  • Have you worked in a 24x7 SOC environment or rotational shift setup before?
  • What ticketing systems have you used?
  • Are you currently based in the UAE and eligible to work?

Experience:

  • SOC operations or cybersecurity monitoring: 2 years (Preferred)

© 2025 Qureos. All rights reserved.