SOC Analyst (Level 1)

Skills

About the Role

You will act as the first line of defense, monitoring alerts, triaging events and performing initial investigations to determine scope and severity. You will gather logs and telemetry to enrich cases, document findings clearly in the ticketing system, and escalate confirmed or suspected incidents to Level 2/Incident Response with a complete handoff. You will follow runbooks to execute authorized containment actions, map alerts to adversary behaviors using frameworks like MITRE ATT&CK, and maintain accurate shift handovers, watchlists and investigation notes. You will work rotating shifts and participate in on-call coverage as required.

Requirements

  • 0–2 years in a SOC, security monitoring, or IT operations role, or equivalent hands-on experience
  • Practical knowledge of networking, DNS, HTTP(S), identity and authentication, and malware basics
  • Familiarity with log investigation and event triage concepts
  • Familiarity with SIEM, EDR, and ticketing tools, and with basic SOAR concepts
  • Strong written communication to produce clear, escalation-ready tickets and timelines
  • Ability to work rotating shifts and on-call, including weekends and holidays

Responsibilities

  • Monitor security alerts across SIEM, EDR, and cloud security tooling 24/7
  • Triage alerts and distinguish false positives from credible threats
  • Investigate and enrich incidents by gathering logs and telemetry
  • Escalate confirmed or suspected incidents to Level 2/Incident Response with complete handoffs
  • Execute runbooks and authorized containment actions for common events
  • Map alerts to adversary behaviors using MITRE ATT&CK
  • Maintain shift handovers, update watchlists, and recommend detection tuning