The Tier 1 SOC Analyst is part of the front line of our Security Operations Center, responsible for continuous monitoring, initial investigation, and rapid response to security alerts and incidents. You will act as the first point of contact for detecting suspicious activity, escalating threats, and ensuring the environment remains secure.
Strong knowledge of security threats, incident detection technologies, and investigation techniques is expected. Candidates should demonstrate adaptability, willingness to work in 24x7 shifts, and eagerness to learn emerging security tools and techniques.
Responsibilities:
Monitor SOAR, SIEM, IDS/IPS, endpoint, and network security tools for alerts and anomalies.
Perform triage of incoming security events to assess severity, scope, and potential impact.
Investigate alerts to differentiate false positives from genuine threats.
Document findings clearly and escalate incidents according to SOC playbooks.
Initiate containment measures for confirmed incidents (e.g., isolating endpoints, disabling accounts).
Support vulnerability and patch management activities by monitoring for unpatched systems.
Maintain situational awareness of current threats and common attack techniques (e.g., phishing, malware, brute force).
Contribute to incident reports and post-incident reviews.
Use SOAR platforms for automating detection and response where possible.