Security Operations Center Analyst

Role Summary We are seeking an experiencedL1 SOC Analyst (3–5 years)to perform real-timeEyes on Glassmonitoring and first-level incident triage within our Security Operations Center. The role requires hands-on experience with SIEM, EDR, DLP, and network security tools, strong analytical skills, and a disciplined approach to SOP-driven incident handling. You will be the first line of defense responsible for validating threats, escalating incidents, and ensuring timely response to security events.Key Responsibilities 1. Real-Time Monitoring (Eyes on Glass) Continuous monitoring of security events across SIEM platforms such asAzure Sentinel, Splunk ES, Google SecOps (formerly Chronicle), QRadar . Identify anomalies, suspicious behavior, and early indicators of compromise. Maintain situational awareness of enterprise threat posture during the shift. 2. Alert Triage & Incident Escalation (L1 Scope) Perform initial triage of alerts related to malware, phishing, endpoint anomalies, lateral movement, access abuse, and network-based threats. Differentiate true positives from false positives through log correlation and event validation. Escalate verified incidents to L2/L3 teams as per incident playbooks and SLAs. Document investigations thoroughly withinServiceNow, Jira, Freshservice , or similar ITSM systems. 3. Endpoint & Network Security Support Monitor and respond to signals from EDR tools such asCrowdStrike, Carbon Black, Microsoft Defender . Review firewall, IDS/IPS, and proxy logs (Palo Alto, Fortinet, Cisco, Snort/Suricata). Support initial containment steps under supervision—isolating endpoints, blocking malicious domains/IPs, disabling accounts, etc. 4. DLP, Access & Cloud Security Oversight Monitor DLP alerts viaForcepoint, Microsoft Purview , or equivalent solutions. Validate RBAC violations, privilege escalations, and suspicious access attempts. Review cloud-specific alerts inAzure Security Center , API security dashboards, and identity protection tools. 5. Reporting, Compliance & Documentation Prepare incident summaries, shift handover reports, and event logs with clear timelines and evidence. Follow SOPs aligned to compliance frameworks such asISO 27001, HIPAA, GDPR . Participate in monthly/quarterly reporting related to SOC performance, incident trends, and false positive reduction. 6. Continuous Improvement Contribute to SIEM rule tuning, alert optimization, and detection enhancements. Support development of SOC playbooks, detection use cases, and knowledge-base content. Stay current with threat landscapes, MITRE ATT&CK techniques, malware trends, and cloud security patterns.Required Skills & Competencies 1. Technical Skills Hands-on experience with SIEM platforms:Splunk ES, Azure Sentinel, Google SecOps (Chronicle), QRadar . Strong understanding of EDR tools:CrowdStrike, Carbon Black, Microsoft Defender . Exposure to DLP tools such asForcepoint , Microsoft DLP, or Symantec DLP. Familiarity with: IDS/IPS systems Firewall logs & network telemetry RBAC, access control & authentication mechanisms Malware/phishing analysis basics Cloud security fundamentals (Azure preferred) 2. Soft Skills Strong analytical mindset and attention to detail. Effective communication skills for escalation and reporting. Ability to work in a 24x7 SOC with high operational discipline. Team player with strong documentation habits.Experience & Qualifications 3–5 yearsof hands-on experience in SOC operations, security monitoring, or incident response. Bachelor’s degree in Computer Science, Information Security, or related field. Preferred certifications:SC-200, AZ-900, Security+, CySA+, CEH .