Key Responsibilities:
- Monitor security alerts and logs from various sources (SIEM, EDR, firewalls, IDS/IPS, email gateways).
- Analyze events for malicious activity using threat intelligence, behavioral analysis, and log correlation.
- Escalate confirmed incidents with detailed analysis and recommended next steps.
- Support incident response efforts by gathering evidence, documenting actions, and containing threats.
- Create and maintain incident tickets and documentation per SOC procedures.
- Perform basic triage and enrichment of alerts using internal and external intelligence sources.
- Assist with tuning detection rules to reduce false positives.
- Participate in daily SOC briefings and knowledge-sharing sessions.
- Maintain awareness of the current threat landscape and participate in continuous training.
Required Skills & Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field—or equivalent experience.
- Strong analytical and problem-solving skills.
- Willingness to work in a 24x7 shift rotation, including weekends and holidays (if required).
- Excellent written and verbal communication skills.
- Foundational knowledge of:
  - Security concepts (e.g., CIA triad, attack lifecycle, kill chain)
  - TCP/IP, DNS, HTTP/S, SMTP, and other network protocols
  - Windows and Linux operating systems
- Familiarity with tools such as:
Preferred:
- Certifications: CompTIA Security+, CySA+, GSEC, or similar.
- Experience with scripting (Python, PowerShell, or Bash).
- Familiarity with incident response frameworks and playbooks.
- Hands-on lab or internship experience in a SOC or cybersecurity role.