SOC Analyst

5 Nos.
113488
Full Time
2.0 Year(s) To 5.0 Year(s)
3.00 LPA TO 8.00 LPA
IT Infrastructure & IT Security / Support
IT-Software/Software Services
Job Description:
  • Security Monitoring & Alert Triage:

    • Continuously monitor security alerts generated by various security tools (SIEM, EDR, IDS/IPS, firewalls, etc.) for suspicious activities, anomalies, and potential security breaches.

    • Perform initial triage and analysis of security events, correlating data from multiple sources to determine the severity and legitimacy of alerts.

    • Prioritize alerts based on risk and impact, escalating critical incidents to higher-tier analysts or incident response teams as necessary.

  • Incident Detection & Response:

    • Investigate detected security incidents, including malware infections, phishing attempts, unauthorized access, and data exfiltration, to understand their scope, root cause, and impact.

    • Execute incident response procedures to contain, eradicate, and recover from security incidents effectively, minimizing downtime and data loss.

    • Document all incident details, analysis, actions taken, and lessons learned for future reference and compliance.

  • Threat Analysis & Intelligence:

    • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, attack techniques (TTPs), and threat intelligence.

    • Analyze threat intelligence to identify potential risks to the organization and proactively develop detection rules and countermeasures.

    • Contribute to threat hunting activities to proactively identify stealthy threats that may evade existing security controls.

  • Security Tool Management & Optimization:

    • Operate and maintain various security tools and technologies, ensuring their optimal configuration and performance.

    • Assist in tuning security tools to reduce false positives and improve the accuracy of threat detection.

    • Collaborate with security engineers to deploy and integrate new security solutions.

  • Vulnerability Management & Compliance (especially for Tier 2/Senior):

    • Assist in vulnerability assessments and penetration testing activities to identify weaknesses in systems and applications.

    • Contribute to the development and implementation of security policies, procedures, and best practices.

    • Ensure compliance with industry standards and regulatory requirements (e.g., GDPR, HIPAA, ISO 27001).

  • Documentation & Reporting:

    • Maintain accurate and detailed records of security events, incidents, and investigations.

    • Generate regular reports on security posture, incident trends, and SOC performance metrics for management and stakeholders.

  • Collaboration & Communication:

    • Work closely with other security teams (e.g., Incident Response, Red Team, GRC), IT operations, and business units to address security concerns and promote a security-conscious culture.

    • Communicate technical security issues clearly and concisely to both technical and non-technical audiences.

Qualifications:

  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.

  • Experience:

    • Tier 1 (Entry-Level): 0-2 years of experience in a cybersecurity role, IT support, or a related field.

    • Tier 2: 2-5 years of experience in a SOC or incident response role.

    • Senior: 5+ years of experience in a SOC, with demonstrated leadership or specialized expertise.

Required Skills:

  • Technical Proficiency:

    • Strong understanding of networking fundamentals (TCP/IP, firewalls, routing, switching).

    • Familiarity with various operating systems (Windows, Linux, macOS).

    • Experience with security tools such as:

      • Security Information and Event Management (SIEM) systems (e.g., Splunk, QRadar, Elastic SIEM).

      • Endpoint Detection and Response (EDR) solutions.

      • Intrusion Detection/Prevention Systems (IDS/IPS).

      • Vulnerability scanners.

      • Antivirus/Anti-malware solutions.

      • Packet analysis tools (e.g., Wireshark).

    • Understanding of common attack vectors and mitigation strategies.

    • Basic scripting skills (Python, PowerShell) are a plus.

    • Knowledge of cloud security concepts (AWS, Azure, GCP) is beneficial for senior roles.

  • Analytical & Problem-Solving Skills:

    • Strong analytical and critical thinking abilities to investigate complex security issues.

    • Excellent problem-solving skills with the ability to identify root causes and develop effective solutions.

    • Attention to detail and a methodical approach to investigations.

  • Communication & Collaboration:

    • Excellent written and verbal communication skills for reporting, documentation, and stakeholder interaction.

    • Ability to work effectively in a team environment and collaborate with diverse technical teams.

  • Soft Skills:

    • High level of integrity and professional ethics.

    • Ability to work under pressure and manage multiple priorities.

    • Proactive and self-motivated with a strong desire to learn and grow in the cybersecurity field.

    • Adaptability to rapidly evolving threat landscapes and technologies.

Company Profile

At --- Workforce (INDIA), we assist startups and MSMEs in building efficient operations, hiring strategically, using digital systems, and maintaining security. We offer structure, clarity, and readiness for growth to GIDC units and early-stage founders through our SmartOps+™ consulting model.
Services provided
Business Consulting • Management Consulting • HR Consulting • Cybersecurity • Strategic Planning • Project Management • Leadership Development • Career Development Coaching • Training • Digital Marketing

Apply Now

  • Interested candidates are requested to apply for this job.
  • Recruiters will evaluate your candidature and will get in touch with you.