The SOC Analyst L1 is responsible for monitoring, analyzing, and responding to security incidents and threats to ensure the organization's IT infrastructure remains secure. This entry-level role serves as the first line of defense in the SOC, providing real-time monitoring, initial investigation, and escalation of security events to higher-tier analysts when necessary.
Responsibilities
Security Monitoring
- Continuously monitor security tools and systems for alerts and anomalies.
- Analyze logs, network traffic, and system behavior to identify potential threats.
Incident Response
- Perform initial investigation and containment of security incidents.
- Escalate complex or high-severity incidents to higher-tier analysts or SOC management.
- Document incident findings, actions taken, and lessons learned.
Threat Detection & Intelligence
- Identify patterns and trends in threat activities to improve detection capabilities.
- Stay updated on emerging security threats, vulnerabilities, and attack methods.
Reporting & Documentation
- Prepare detailed incident reports, post-mortem analysis, and trend reports for management and stakeholders.
- Ensure that all actions taken during an incident are well-documented for compliance, legal, and regulatory purposes.
System Maintenance & Reporting
- Maintain and fine-tune SOC monitoring tools, including SIEM systems.
- Generate regular security incident reports and metrics for review.
Collaboration & Escalation
- Collaborate with IT and other teams to resolve security issues.
- Communicate incident status and updates to relevant stakeholders.
Requirements
- Bachelor's degree in Information Security, Cybersecurity, or a related field.
- 0-2 years of experience in cybersecurity, IT or a related field.
- Experience with security monitoring tools (SIEM, IDS/IPS) or basic network troubleshooting is a plus.
- Internship or hands-on training in cybersecurity.
- Basic knowledge of SIEM tools.
- Familiarity with IDS/IPS.
- Understanding of endpoint protection tools.
- Basic understanding of networking concepts such as TCP/IP, DNS, HTTP, and VPNs.
- Familiarity with firewalls, routers, and network monitoring tools.
- Ability to work with command-line interfaces and basic scripting.
- Ability to identify patterns and anomalies in data.
- Foundational knowledge of cybersecurity threats, vulnerabilities, and attack methods.