SOC L1 Security Operations Analyst

About the role

The SOC L1 Analyst will serve as the first line of defense in our Security Operations Center, monitoring security events, triaging alerts, and supporting incident response activities. This role ensures continuous protection of the enterprise by leveraging SIEM tools and collaborating with the MDR team.

Key responsibilities

• Monitor SIEM platforms (e.g., Azure Sentinel, Splunk, LogRhythm) for security events and alerts.
• Validate, categorize, prioritize, and investigate alerts, escalating false positives or complex cases to Level 2 analysts.
• Maintain group email inboxes, phone lines, shift logs, and ticketing systems.
• Assist MDR analysts in incident detection, containment, remediation, and communication with external teams.
• Participate in threat‑hunting activities under guidance of Incident Response handlers.
• Document investigations, produce comprehensive incident reports, and update knowledge‑base tools such as Confluence.
• Continuously improve operational processes and procedures.

Required profile

• Strong attention to detail and ability to follow documented procedures.
• Effective communication skills for internal and external coordination.
• Willingness to work in a shift‑based environment and maintain accurate logs.

Required skills

• Experience with SIEM tools (Azure Sentinel, Splunk, LogRhythm, etc.).
• Familiarity with IDS/IPS and firewall technologies (Snort, Cisco, Fortigate, Sourcefire).
• Knowledge of security monitoring sources such as firewalls, web proxies, EDR/antivirus systems.
• Proficiency with knowledge‑base platforms like Confluence.