SOC L1 Threat Hunting
3 days ago
Department: SOC
Area: Security Analysis
Location: Kochi
Job Title: SOC Analyst (SA- Security Analyst - L1 Threat Hunt)
Job brief
**Requirements**:
Must-have:
- 2-3 years' experience as a SOC Analyst (experience with the ELK and Wazuh SIEM tools preferable)
- Process and Procedure adherence
- General network knowledge and TCP/IP Troubleshooting
- Ability to trace down an endpoint on the network, based on ticket information
- Familiarity with system log information and what it means
- Understanding of common network services (web, mail, DNS, authentication)
- Knowledge of host-based firewalls, Anti-Malware, HIDS
- Ability to create and modify dashboards
- Understanding of common network device functions (firewall, IPS/IDS, NAC)
- General Desktop OS and Server OS knowledge
- TCP/IP, Internet Routing, UNIX / LINUX & Windows
- Excellent written and verbal communication skills.
Good to have:
- Industry certifications on any SIEM platform, CEH, C|SA, CompTIA Security+ or others
Reporting To: Service Delivery Manager
Commencement Date: Immediate
Main Responsibilities
- Monitor security alerts and events from SIEM and other security tools.
- Perform basic threat hunting across endpoints, network traffic, and log sources using predefined queries and playbooks.
- Investigate anomalies, potential indicators of compromise (IOCs), and low-fidelity alerts.
- Escalate verified threats to L2/L3 analysts with relevant context and documentation.
- Assist in identifying false positives and refining detection rules in collaboration with senior analysts.
- Document findings, maintain accurate logs of activities, and contribute to reports.
- Follow standard operating procedures and incident handling workflows.
- Work proactively to seek out weaknesses and stealthy attackers, and review vulnerability assessments (CVEs) on monitored assets. Focus on deep dives into datasets to understand what happened during and after attacks.
- Lead efforts to prevent SLA breaches and anticipate the likelihood of future security alerts and incidents.
- Stay up to date with emerging security threats, including applicable regulatory security requirements.
- Bring enhancements to SOC security processes, procedures, and policies.
- Keep up to date with new threats and vulnerabilities; create and contribute to use cases, threat hunting, etc.
- Keep up to date with sources such as the OWASP Top 10 vulnerabilities and Bleeping Computer articles to maintain knowledge of current threats from a security perspective.
- Other responsibilities and additional duties as assigned by the security management team or service delivery manager.
Key Result Areas, Key Performance Indicators, and Accountability & Reporting Method
**1. Handling service requests and incidents**
- Ensure quality in services provided.
- Review tickets raised in the helpdesk tool and perform technical validation.
- Fulfil incidents and service requests.
- Complete tickets within SLA.
- Update ticket and worklog in the Helpdesk Tool.
- Update request status to customers.
- Update escalations to the Service Delivery Manager (SDM).
**2. Event and incident monitoring & reporting**
- Complete tasks as per schedules.
- Update and maintain schedules.
- Monitor new threats in the industry and create new use cases.
- Update ticket and worklog in the Helpdesk Tool.
- Update documents.
**3. Maintain inventory & configurations**
- Update and maintain the inventory list.
- Update and maintain the configuration documents.
- Update the Helpdesk Tool / Asset Management Tools.
- Report to customer.
**4. Process adherence**
- Follow customer- and Soffit-defined policies and procedures.
- Follow HR policies and processes.
- Customer satisfaction.
- Follow proper attendance and leave reporting processes.
**5. Customer satisfaction**
- Professional ethics.
- Adhere to timelines and punctuality.
- Workplace behaviour.
- Customer feedback form.
- Attendance.
Competencies Required:
Qualification:
- 2 - 3 years of experience in SIEM.
- CEH & CompTIA Security+, N+, A+ Certification (Optional)
Competence:
- Confidentiality
- Work Ethics
**Skills**:
- Excellent event or log analytical skills
- Proven experience in an IT security monitoring or similar role
- Exceptional organizing and time-management skills
- Very good communication abilities
- ELK, Wazuh, Splunk, ArcSight SIEM management skills
- Reporting
Work Location: In person