Soc Analyst

Security Monitoring Alert Triage Continuously monitor security alerts generated by various security tools SIEM EDR IDS IPS firewalls etc for suspicious activities anomalies and potential security breaches Perform initial triage and analysis of security events correlating data from multiple sources to determine the severity and legitimacy of alerts Prioritize alerts based on risk and impact escalating critical incidents to higher-tier analysts or incident response teams as necessary Incident Detection Response Investigate detected security incidents including malware infections phishing attempts unauthorized access and data exfiltration to understand their scope root cause and impact Execute incident response procedures to contain eradicate and recover from security incidents effectively minimizing downtime and data loss Document all incident details analysis actions taken and lessons learned for future reference and compliance Threat Analysis Intelligence Stay up-to-date with the latest cybersecurity threats vulnerabilities attack techniques TTPs and threat intelligence Analyze threat intelligence to identify potential risks to the organization and proactively develop detection rules and countermeasures Contribute to threat hunting activities to proactively identify stealthy threats that may evade existing security controls Security Tool Management Optimization Operate and maintain various security tools and technologies ensuring their optimal configuration and performance Assist in tuning security tools to reduce false positives and improve the accuracy of threat detection Collaborate with security engineers to deploy and integrate new security solutions Vulnerability Management Compliance especially for Tier 2 Senior Assist in vulnerability assessments and penetration testing activities to identify weaknesses in systems and applications Contribute to the development and implementation of security policies procedures and best practices Ensure compliance with industry standards and regulatory requirements e g GDPR HIPAA ISO 27001 Documentation Reporting Maintain accurate and detailed records of security events incidents and investigations Generate regular reports on security posture incident trends and SOC performance metrics for management and stakeholders Collaboration Communication Work closely with other security teams e g Incident Response Red Team GRC IT operations and business units to address security concerns and promote a security-conscious culture Communicate technical security issues clearly and concisely to both technical and non-technical audiences Qualifications Education Bachelor s degree in Computer Science Information Technology Cybersecurity or a related field or equivalent practical experience Experience Tier 1 Entry-Level 0-2 years of experience in a cybersecurity role IT support or a related field Tier 2 2-5 years of experience in a SOC or incident response role Senior 5 years of experience in a SOC with demonstrated leadership or specialized expertise Required Skills Technical Proficiency Strong understanding of networking fundamentals TCP IP firewalls routing switching Familiarity with various operating systems Windows Linux macOS Experience with security tools such as Security Information and Event Management SIEM systems e g Splunk QRadar Elastic SIEM Endpoint Detection and Response EDR solutions Intrusion Detection Prevention Systems IDS IPS Vulnerability scanners Antivirus Anti-malware solutions Packet analysis tools e g Wireshark Understanding of common attack vectors and mitigation strategies Basic scripting skills Python PowerShell are a plus Knowledge of cloud security concepts AWS Azure GCP is beneficial for senior roles Analytical Problem-Solving Skills Strong analytical and critical thinking abilities to investigate complex security issues Excellent problem-solving skills with the ability to identify root causes and develop effective solutions Attention to detail and a methodical approach to investigations Communication Collaboration Excellent written and verbal communication skills for reporting documentation and stakeholder interaction Ability to work effectively in a team environment and collaborate with diverse technical teams Soft Skills High level of integrity and professional ethics Ability to work under pressure and manage multiple priorities Proactive and self-motivated with a strong desire to learn and grow in the cybersecurity field Adaptability to rapidly evolving threat landscapes and technologies