After-Hours SOC Specialist

Position Summary

The After-Hours Cybersecurity Support Analyst is responsible for providing security monitoring, incident triage, and initial response support overnight. The role ensures continuous protection of systems, data, and networks by identifying and escalating potential security threats.

Key Responsibilities

• Security Monitoring: Continuously monitor alerts and notifications from internal cybersecurity tools (e.g., Elastic, Crowdstrike, Darktrace, flare, Wiz).
• Incident Triage: Analyze, categorize, and prioritize security alerts to determine the severity and potential impact.
• Incident Escalation: Escalate confirmed or high-severity incidents to the on-call Cybersecurity Team or senior security analysts as per escalation matrix.
• Log Collection: Gather relevant logs, screenshots, or evidence for incidents detected during the after-hours period.
• Communication: Notify relevant stakeholders (on-call security lead, IT operations, network team) according to the communication plan.
• Documentation: Record all activities, alerts, and response actions in the incident management system (ticketing system).
• Health Checks: Perform daily or shift-based verification of the availability and integrity of key cybersecurity systems (SIEM, antivirus, firewalls, IDS/IPS).
• Shift Handover: Provide a summary of incidents, alerts, and actions taken to the next on-duty or daytime security team.

Required Skills and Knowledge

• 1-2 years of relevant experience in NOC, SOC, or cybersecurity role.
• Good understanding of cybersecurity principles, network protocols, and threat indicators.
• Familiarity with SIEM tools (e.g.,Elastic) and endpoint detection systems.
• Ability to interpret security alerts, logs, and indicators of compromise (IOCs).
• Strong analytical and problem-solving skills with attention to detail.
• Clear written and verbal communication for incident reporting and escalation.
• Ability to follow standard operating procedures (SOPs) and maintain accurate records.