SOC Analyst

Title: SOC AnalystFunction: Cyber Security Operations / Managed Detection and Response (MDR)Experience: 3-5 YearsRole SummaryThe SOC Analyst serves as the primary technical interface between the client's onsite security team and the Managed Detection and Response (MDR) or Security Operations Center (SOC) teams, ensuring seamless integration and effective incident handling.This role demands hands-on expertise in security platforms, particularly FortiSIEM and EDR solutions, combined with practical knowledge of network architecture, including firewall, switching, and routing configuration.The analyst is critical for timely incident coordination, triage validation, and providing technical insights on threat trends and security posture enhancement.Primary Responsibilities- Act as the dedicated onsite point of contact for the customer, bridging technical communication between the client's IT teams and the Global SOC/MDR analysts during investigation and remediation phases.- Coordinate and meticulously track the entire incident response lifecycle, including initial alert triage, technical validation of security incidents, evidence gathering, and timely escalation to L2/L3 teams per established playbooks.- Support the technical onboarding of new log sources (e.g., cloud flow logs, application logs, security appliance feeds) into the SIEM platform, ensuring proper parsing, normalization, and asset visibility updates for accurate correlation.- Implement and validate necessary configuration changes within SIEM, SOAR, and MDR workflow platforms to optimize detection rules, suppression logic, and automated response capabilities.- Perform in-depth technical review and validation of security alerts, incident tickets, and operational reports generated by the MDR platform, ensuring the accuracy of threat containment and investigation data.- Provide actionable insights to customer stakeholders on emerging incident trends, evolving threat patterns, and the overall effectiveness of security controls during customer review meetings.- Ensure immediate and timely technical communication of critical incidents (e.g., confirmed breaches, ransomware activity) to key internal and external stakeholders using predefined communication protocols.- Maintain and technically update all operational documentation, including detailed investigation procedures, runbooks for automated workflows, and standardized reporting templates.- Collaborate directly with customer IT/security teams during joint investigations, guide technical remediation efforts, and provide necessary evidence and reports for compliance and internal audits.- Actively utilize FortiSIEM for advanced query writing, dashboard creation, and rule tuning, leveraging integrated EDR platforms to perform endpoint threat hunting and deeper root cause analysis.- Install, configure, and manage high-availability firewalls (specifically FortiGate models), developing intricate security policies, VPNs, and traffic shaping rules to enforce stringent network protection.- Demonstrate proficiency in secure switching and routing principles, ensuring that network architecture supports secure segmentation, access control lists (ACLs), and traffic flow efficiency for optimal security sensor placement.Required Technical Skills- SIEM/SOAR Operations: Hands-on experience with SIEM platforms (e.g., FortiSIEM, Splunk, Sentinel) including alert tuning, log correlation, and basic SOAR playbook execution.- Incident Response: Proven ability to manage the technical aspects of the incident lifecycle (Triage, Validation, Containment, Eradication) and coordinate activities with cross-functional teams.- Network Security: Practical expertise in the deployment and configuration of FortiGate firewalls, including policy creation, NAT, and UTM features.- Endpoint Security: Experience utilizing and operating an EDR platform for threat investigation, endpoint isolation, and forensic data collection.- Networking Fundamentals: Strong technical familiarity with switching (VLANs, port security) and routing protocols (OSPF, BGP) necessary to ensure secure and segmented network environments.- Communication & Coordination: Excellent ability to translate highly technical findings into clear, concise, and actionable status updates for management and non-technical audiences.Preferred Skills :- Industry certification such as CompTIA Security+, GSEC (GIAC Security Essentials), or Fortinet NSE 4/5.- Experience with cloud security monitoring and alert ingestion from platforms like Azure Security Center or AWS GuardDuty.- Proficiency in writing investigation queries using languages like KQL (Kusto Query Language) or specialized SIEM query syntax.- Familiarity with threat intelligence platforms (TIP) and integrating threat feeds into the SIEM for enhanced detection.- Basic scripting skills (Python, PowerShell) for automating routine operational tasks or data parsing.- Knowledge of MITRE ATT&CK framework and applying its techniques to map and enrich security incidents. (ref:hirist.tech)