L1 SOC Analyst (Threat Monitoring)

About the role

We are seeking an L1 SOC Analyst to join our Security Operations Center. In this entry‑level position you will monitor security alerts, perform initial triage, and support incident escalation while gaining hands‑on experience with leading security tools and frameworks.

Key responsibilities

• Monitor real‑time alerts from SIEM platforms and other security solutions.
• Conduct Level 1 triage by analyzing logs, network traffic, and endpoint events.
• Investigate suspicious activity, document findings, and escalate incidents according to SOC procedures.
• Correlate data from multiple sources to identify potential threats.
• Coordinate with Level 2/3 analysts for complex investigations and provide detailed incident reports.
• Maintain health of SIEM alerts, fine‑tune detection rules, and report false positives.
• Assist in forensic data collection and support compliance audit activities.
• Stay current on emerging threats, attack techniques, and industry best practices.

Required profile

• Basic to intermediate knowledge of network security, TCP/IP, and troubleshooting.
• Familiarity with SIEM platforms such as IBM QRadar, Splunk, ArcSight, Microsoft Sentinel, or LogRhythm.
• Understanding of log analysis, firewalls, IDS/IPS, endpoint security, and anti‑malware solutions.
• Awareness of MITRE ATT&CK, NIST Cybersecurity Framework, CIS Controls, and ISO 27001.
• Ability to investigate phishing emails and suspicious files.
• Basic knowledge of Linux/Unix, Windows operating systems, and common network services.

Required skills

• SIEM (IBM QRadar, Splunk, ArcSight, Microsoft Sentinel, LogRhythm)
• Network security & TCP/IP
• Log analysis
• Firewalls, IDS/IPS
• Endpoint security & anti‑malware
• MITRE ATT&CK framework
• NIST Cybersecurity Framework
• CIS Controls
• ISO 27001
• Phishing investigation
• Linux/Unix
• Windows OS
• Vulnerability management
• Threat intelligence