SOC Analyst-l1

**Description**

Company Overview:
When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there’s only one: Zones - First Choice for IT.TM
Zones is a global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter (Zones), LinkedIn, and Facebook.
Position Overview:
The SOC Level 1 (L1) Analyst is the first line of defense in monitoring, detecting, and responding to security threats within an organization. The L1 analyst is primarily responsible for continuously monitoring the organization’s SIEM (e.g., Microsoft Sentinel), security tools, and alerting systems to identify potential security incidents.
They act as the initial triage point, analyzing alerts, validating threats, escalating issues as necessary, and ensuring timely documentation and communication. This role requires strong analytical skills, attention to detail, and the ability to follow established Standard Operating Procedures (SOPs) and Runbooks.
The Analyst will be responsible for conducting Vulnerability Assessments, supporting Vulnerability Management activities, and providing threat intelligence-driven recommendations. They will also assist in implementing remediation measures to strengthen the organization’s overall security posture.
What you’ll do as the (SOC Analyst L1)
- Monitor threats to an organization's IT infrastructure.
- Utilize and adhere to defined workflow and processes driving the response and mitigation efforts
Collect relevant artifacts in support of incident response activities.
- Conduct technical analysis on impacted systems to determine impact, scope, and recovery from active and potential cyber incidents.
- Validate findings reported by SIEM.
- Take ownership of cases escalated by SIEM Analysts (Tier I).
- Assess security systems and measures for weaknesses and possible improvements.
- Threat and vulnerability analysis.
- Share and document your knowledge with teammates and guide them in the resolution of complex technical problems.
- Troubleshoot incidents, identify root cause, fix and document problems, and implement preventive measures.
- Ensure accurate and timely resolution of all assigned issues, confirming to a strict SLA.
- Experience coordinating support issue resolution and handling escalations.
- Designing and preparing technical reports, charts, and graphs to record results.
- Lead junior staff members on assigned shift, provide guidance and training on best practice operations, SLA, communications.
- Work with partners, vendors, and business stakeholders to develop and interpret security policies and procedures.
- Architect, design, implement, support, and evaluate security-focused tools and services.
- Handle SIEM Configuration, administration, log sources integrations.

**Required Skills**:

- Solid communication (Verbal, Written) and interpersonal skills.
- Team player, collaborator.
- Ability to work independently and provide guidance to new staff on the team.
- Sound knowledge of threats and cybersecurity trends.
- Sound knowledge in areas like networking, malware analysis, incident response, and cyber etiquette.
- Good to have experience with scripting languages such as Python, PowerShell, and JavaScript
- Good to have hands on KQL Queries and automation.
- Must be able to perform hands-on support for a wide range of security technologies Azure Sentinel SIEM, IDS/IPS, malware analysis and protection, identity and access management, data loss prevention, content filtering technologies, vulnerability scanners, etc.).
- Experience executing incident handling procedures.
- Microsoft Office 365, Azure, Windows Active Directory, Windows Server.
- Customer experience with cloud and hybrid infrastructures, broad experience with Microsoft 365
Security, Azure Security.
- Strong client-facing communication skills (verbal and written), with the ability to engage across all organizational levels.

Nice to Have:

- Microsoft security stack, Sentinel SIEM, XDR, Defender, CrowdStrike, Sentinel One, other EDR, Cisco, Palo Alto,
- Experience with ticketing systems such as Service-Now, Zendesk, Jira, Freshdesk, etc.
- Ability to work independently in a fast-paced environment where technology and customers'
requirements can change regularly.
- Knowledge of Vulnerability Asses