Job Summary:
We are seeking an experienced SOC – L1/L2 Analyst to join our Security Operations Center (SOC) team. The ideal candidate will have a strong background in cybersecurity operations and incident response. As a SOC Analyst, you will play a critical role in identifying, investigating, and responding to security threats and incidents.
Key Responsibilities:
- Monitor, investigate, and respond to security alerts, incidents, and vulnerabilities using SIEM tools.
- Perform in-depth security analysis of logs, network traffic, and security events to identify suspicious activities or potential breaches.
- Conduct incident response, including root cause analysis, and recommend actions to mitigate threats.
- Collaborate with customers and other teams to analyze, escalate, and manage security incidents through resolution.
- Act as a point of escalation for complex security events that require advanced investigation and remediation.
- Analyze and create security rules, filters, and alerts to enhance threat detection capabilities.
- Provide recommendations for improving SOC processes and security technologies.
- Perform malware analysis and review suspicious files for threats.
- Assist in vulnerability assessments, threat intelligence analysis, and forensic investigations as required.
- Maintain up-to-date documentation of SOC processes, playbooks, and security incidents.
- Stay informed on emerging security threats, vulnerabilities, and industry best practices.
Required Skills and Experience:
- 3-5 years of experience working in a Security Operations Center (SOC) as a Security Analyst.
- Hands-on experience (implementation, configuration, and use) with tooling for threat detection, log analysis, and incident management.
- Strong knowledge of SIEM tools, firewalls, IDS/IPS systems, and antivirus software.
- Experience with security incident detection and response, vulnerability management, and threat hunting.
- Strong understanding of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK, CIS Controls).
- Familiarity with endpoint protection tools, network security, and cloud security concepts.
- Proficient in scripting and automation for security tasks (e.g., Python, Bash).
- Experience with malware analysis, forensic investigations, and reverse engineering.
- Excellent communication skills, with the ability to report complex technical issues clearly and concisely.
- Strong analytical and problem-solving skills.
Preferred Qualifications:
- Certifications such as CEH, CISSP, CompTIA Security+, or SANS GIAC.
- Experience with other SIEM platforms such as Splunk, Elastic Stack, or QRadar.
- Familiarity with network protocols and packet analysis tools (e.g., Wireshark, tcpdump).
- Prior experience with cloud security monitoring in environments like AWS, Azure, or GCP.
- Experience with threat intelligence platforms and security automation.