L1 Cyber Security SOC Analyst

We are seeking for a vigilant L1 Security Operations Center (SOC) Analyst to join our 24/7 cybersecurity team.

Operating on 12-hour rotational shifts, you will perform real-time monitoring, threat detection, and initial incident response using SIEM/XDR platforms.

The role requires foundational knowledge of network security, log analysis, and attack vectors to defend against threats while escalating complex incidents to senior analysts.

This position is critical for maintaining our security posture across global digital assets.

Continuous Monitoring & Detection:

1. Monitor SIEM/XDR tools (e.g., Splunk, Sentinel, QRadar) for security alerts across networks, endpoints, and cloud environments.
2. Analyze logs from firewalls, IDS/IPS, EDR, and other security tools to identify malicious activity.

Incident Triage & Response:

1. Perform initial investigation and classification of security events (malware, phishing, DDoS).
2. Execute predefined playbooks for containment (e.g., isolate hosts, block IPs).
3. Escalate confirmed incidents to L2/L3 analysts with detailed documentation.

Threat Intelligence Utilization:

1. Apply threat intelligence feeds (e.g., MITRE ATT&CK) to contextualize alerts.
2. Monitor dark web/IoC sources for emerging threats relevant to the organization.

Reporting & Documentation:

1. Document incidents in ticketing systems (e.g., Jira, ServiceNow) with timelines, actions taken, and evidence.
2. Generate daily shift reports highlighting threat trends, false positives, and system health.

Tool Maintenance & Optimization:

1. Tune SIEM rules to reduce false positives and improve detection accuracy.
2. Validate security tool configurations (e.g., firewall policies, EDR rules).

Education:

• Diploma/Bachelor’s in Cybersecurity, IT, Computer Science, or related field.

Experience & Skills:

• More than one year in security monitoring or more than 2 years in IT support/networking with security exposure.

Hands-on experience with:

1. SIEM/XDR platforms (Splunk, Azure Sentinel, etc.)
2. Security tools (EDR, firewalls, IDS/IPS, email security)
3. OS security (Windows/Linux log analysis)

Understanding of:

1. Networking (TCP/IP, DNS, VPN, HTTP/S)
2. Common attack vectors (phishing, malware, brute force)
3. Cloud security fundamentals (AWS/Azure/GCP)

Technical Certifications (Preferred):

1. CompTIA Security+, CySA+, CEH, or equivalent entry-level security certs
2. Vendor certifications (e.g., Splunk Core User, Microsoft SC-200)

Shift Requirements:

1. Willingness to work 12-hour rotational shifts (day/night), including weekends/public holidays.
2. Ability to maintain focus during high-pressure overnight shifts.

Soft Skills:

1. Strong analytical thinking and attention to detail.
2. Effective communication for cross-team escalation.
3. Adaptability in fast-paced threat environments.
4. Basic knowledge of ITIL/incident management processes.