Security operations center analyst

Role Summary We are seeking an experienced L1 SOC Analyst (3–5 years) to perform real-time Eyes on Glass monitoring and first-level incident triage within our Security Operations Center. The role requires hands-on experience with SIEM, EDR, DLP, and network security tools, strong analytical skills, and a disciplined approach to SOP-driven incident handling. You will be the first line of defense responsible for validating threats, escalating incidents, and ensuring timely response to security events. Key Responsibilities 1. Real-Time Monitoring (Eyes on Glass) Continuous monitoring of security events across SIEM platforms such as Azure Sentinel, Splunk ES, Google Sec Ops (formerly Chronicle), QRadar . Identify anomalies, suspicious behavior, and early indicators of compromise. Maintain situational awareness of enterprise threat posture during the shift. 2. Alert Triage & Incident Escalation (L1 Scope) Perform initial triage of alerts related to malware, phishing, endpoint anomalies, lateral movement, access abuse, and network-based threats. Differentiate true positives from false positives through log correlation and event validation. Escalate verified incidents to L2/L3 teams as per incident playbooks and SLAs. Document investigations thoroughly within Service Now, Jira, Freshservice , or similar ITSM systems. 3. Endpoint & Network Security Support Monitor and respond to signals from EDR tools such as Crowd Strike, Carbon Black, Microsoft Defender . Review firewall, IDS/IPS, and proxy logs (Palo Alto, Fortinet, Cisco, Snort/Suricata). Support initial containment steps under supervision—isolating endpoints, blocking malicious domains/IPs, disabling accounts, etc. 4. DLP, Access & Cloud Security Oversight Monitor DLP alerts via Forcepoint, Microsoft Purview , or equivalent solutions. Validate RBAC violations, privilege escalations, and suspicious access attempts. Review cloud-specific alerts in Azure Security Center , API security dashboards, and identity protection tools. 5. Reporting, Compliance & Documentation Prepare incident summaries, shift handover reports, and event logs with clear timelines and evidence. Follow SOPs aligned to compliance frameworks such as ISO 27001, HIPAA, GDPR . Participate in monthly/quarterly reporting related to SOC performance, incident trends, and false positive reduction. 6. Continuous Improvement Contribute to SIEM rule tuning, alert optimization, and detection enhancements. Support development of SOC playbooks, detection use cases, and knowledge-base content. Stay current with threat landscapes, MITRE ATT&CK techniques, malware trends, and cloud security patterns. Required Skills & Competencies 1. Technical Skills Hands-on experience with SIEM platforms: Splunk ES, Azure Sentinel, Google Sec Ops (Chronicle), QRadar . Strong understanding of EDR tools: Crowd Strike, Carbon Black, Microsoft Defender . Exposure to DLP tools such as Forcepoint , Microsoft DLP, or Symantec DLP. Familiarity with: IDS/IPS systems Firewall logs & network telemetry RBAC, access control & authentication mechanisms Malware/phishing analysis basics Cloud security fundamentals (Azure preferred) 2. Soft Skills Strong analytical mindset and attention to detail. Effective communication skills for escalation and reporting. Ability to work in a 24x7 SOC with high operational discipline. Team player with strong documentation habits. Experience & Qualifications 3–5 years of hands-on experience in SOC operations, security monitoring, or incident response. Bachelor’s degree in Computer Science, Information Security, or related field. Preferred certifications: SC-200, AZ-900, Security+, Cy SA+, CEH .