Job Openings: SOC Analyst Level 1

About the job: SOC Analyst Level 1

We are looking for a strong SOC Analyst Level 1 or a solid infrastructure/network professional eager to transition into cybersecurity. The ideal candidate should have experience with systems, networks, and log analysis. This role offers a great opportunity for growth in cybersecurity, providing hands-on experience with Google SecOps and other security technologies. As a SOC Analyst, you will monitor, correlate, and respond to security incidents in real time. A strong understanding of TCP/IP, Windows servers, and log analysis is essential, along with excellent problem-solving skills.

Key Responsibilities:

  • Monitor security alerts and events using Google SecOps or any similar SIEM tool.
  • Analyze logs from various sources, including:
    • Firewalls (e.g., FortiGate, Cisco ASA, Palo Alto, etc.)
    • Endpoint Detection and Response (EDR) solutions (e.g., CrowdStrike, SentinelOne, FortiEDR, CarbonBlack, etc.)
    • Windows event logs (Security, Application, System, etc.)
    • Hypervisor logs (e.g., VMware ESXi, Microsoft Hyper-V, etc.)
    • DNS filter logs (e.g., Umbrella, DNSFilter, etc.)
    • Intrusion Prevention/Detection Systems (IPS/IDS)
    • VPN logs (e.g., IPsec, SSL VPN logs)
    • Email Security logs (e.g., Proofpoint, Mimecast, MS ATP)
    • Cloud security logs (e.g., AWS, GCP, Azure, etc.)
    • Active Directory logs for authentication and policy violations
    • Authentication & Identity Protection Logs (e.g., Entra ID, IDP solutions)
    • Network Policy Server (NPS) logs for network access control and authentication
  • Correlate information from multiple sources to detect and analyze potential threats, identifying indicators of compromise (IoC) and escalating when necessary.
  • Perform incident investigation by correlating logs and events, establishing the context of security alerts, and identifying potential threats across different systems.
  • Liaise with senior analysts and other teams to validate and enhance security event investigations, ensuring that relevant context from different sources is used to build a comprehensive picture of security incidents.
  • Triage and respond to security incidents, escalating them to higher-level analysts when necessary.
  • Document and track security incidents in a ticketing system, ensuring timely resolution and follow-up.
  • Participate in regular team meetings and collaborate with other SOC team members to improve incident detection and response processes.

Qualifications:

  • Mandatory:
    • Strong understanding of TCP/IP and network protocols.
    • Proficient in working with Windows servers and related technologies.
    • Basic understanding of cybersecurity concepts and practices.
    • Strong analytical and problem-solving skills, with the ability to correlate information from multiple sources.
    • Excellent communication skills.
    • Ability to work in a fast-paced, high-pressure environment.
    • Willingness to learn and adapt in a constantly evolving security landscape.

  • Would Be an Advantage:
    • Familiarity with Google SecOps and/or other SIEM tools.
    • Experience with networking, firewalls, and intrusion detection/prevention systems.
    • Knowledge of cybersecurity investigation tools and practices (e.g., forensics tools, malware analysis tools, network traffic analysis).
    • Ability to clearly document and report security events.