SOC Analyst – Tier 1 Security Operations

About the role

The SOC Analyst works in the Technology team as a Tier 1 security operations analyst, monitoring and triaging alerts across ARI’s enterprise IT and OT environments. This hybrid role is primarily remote, supporting the detection and response capability while collaborating with the OT Security Engineer and external MSSP.

Key responsibilities

• Monitor security alerts and telemetry from Microsoft Sentinel, Defender XDR, Entra ID and related tools during U.S. business hours.
• Tri­age alerts using documented playbooks: validate, classify, gather context, resolve, suppress or escalate.
• Open, maintain and close incident tickets in Jira Service Management with audit‑quality documentation.
• Handle phishing reports, including user‑submitted emails and automated detections.
• Contribute to detection tuning by flagging false‑positives and recommending refinements.
• Maintain and update SOC runbooks and playbooks.
• Support routine security tasks such as account access reviews, certificate expiry tracking and vulnerability triage.
• Participate in tabletop exercises, post‑incident reviews and capture lessons learned.
• Escalate OT‑related events to the OT Security Engineer and coordinate with the MSSP for deeper investigations.

Required profile

• 1–3 years of experience in a SOC, IT security operations or IT support role with security responsibilities.
• Bachelor’s degree in Cybersecurity, Information Technology or a related field, or equivalent experience.
• Strong documentation discipline and clear written and verbal communication under pressure.
• Preferred certifications: CompTIA Security+, Microsoft SC‑200 or equivalent.

Required skills

• Microsoft Sentinel
• Microsoft Defender XDR
• Microsoft Entra ID
• Microsoft Purview
• Jira Service Management
• Phishing detection and triage
• Networking fundamentals (TCP/IP, DNS, HTTP/S, VPN)
• Windows and macOS endpoint concepts