SOC Analyst

Location: Vadodara, Gujarat, India

Job Description

Security Monitoring & Alert Triage:
Continuously monitor security alerts generated by various security tools (SIEM, EDR, IDS/IPS, firewalls, etc.) for suspicious activities, anomalies, and potential security breaches.
Perform initial triage and analysis of security events, correlating data from multiple sources to determine the severity and legitimacy of alerts.
Prioritize alerts based on risk and impact, escalating critical incidents to higher-tier analysts or incident response teams as necessary.
Incident Detection & Response:
Investigate detected security incidents, including malware infections, phishing attempts, unauthorized access, and data exfiltration, to understand their scope, root cause, and impact.
Execute incident response procedures to contain, eradicate, and recover from security incidents effectively, minimizing downtime and data loss.
Document all incident details, analysis, actions taken, and lessons learned for future reference and compliance.
Threat Analysis & Intelligence:
Stay up-to-date with the latest cybersecurity threats, vulnerabilities, attack techniques (TTPs), and threat intelligence.
Analyze threat intelligence to identify potential risks to the organization and proactively develop detection rules and countermeasures.
Contribute to threat hunting activities to proactively identify stealthy threats that may evade existing security controls.
Security Tool Management & Optimization:
Operate and maintain various security tools and technologies, ensuring their optimal configuration and performance.
Assist in tuning security tools to reduce false positives and improve the accuracy of threat detection.
Collaborate with security engineers to deploy and integrate new security solutions.
Vulnerability Management & Compliance (especially for Tier 2/Senior):
Assist in vulnerability assessments and penetration testing activities to identify weaknesses in systems and applications.
Contribute to the development and implementation of security policies, procedures, and best practices.
Ensure compliance with industry standards and regulatory requirements (e.g., GDPR, HIPAA, ISO 27001).
Documentation & Reporting:
Maintain accurate and detailed records of security events, incidents, and investigations.
Generate regular reports on security posture, incident trends, and SOC performance metrics for management and stakeholders.
Collaboration & Communication:
Work closely with other security teams (e.g., Incident Response, Red Team, GRC), IT operations, and business units to address security concerns and promote a security-conscious culture.
Communicate technical security issues clearly and concisely to both technical and non-technical audiences.
Qualifications:
Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
Experience:
  • Tier 1 (Entry-Level): 0-2 years of experience in a cybersecurity role, IT support, or a related field.
  • Tier 2: 2-5 years of experience in a SOC or incident response role.
  • Senior: 5+ years of experience in a SOC, with demonstrated leadership or specialized expertise.
Required Skills:
Technical Proficiency:
Strong understanding of networking fundamentals (TCP/IP, firewalls, routing, switching).
Familiarity with various operating systems (Windows, Linux, macOS).
Experience with security tools such as:
  • Security Information and Event Management (SIEM) systems (e.g., Splunk, QRadar, Elastic SIEM).
  • Endpoint Detection and Response (EDR) solutions.
  • Intrusion Detection/Prevention Systems (IDS/IPS).
  • Vulnerability scanners.
  • Antivirus/Anti-malware solutions.
  • Packet analysis tools (e.g., Wireshark).
Understanding of common attack vectors and mitigation strategies.
Basic scripting skills (Python, PowerShell) are a plus.
Knowledge of cloud security concepts (AWS, Azure, GCP) is beneficial for senior roles.
Analytical & Problem-Solving Skills:
Strong analytical and critical thinking abilities to investigate complex security issues.
Excellent problem-solving skills with the ability to identify root causes and develop effective solutions.
Attention to detail and a methodical approach to investigations.
Communication & Collaboration:
Excellent written and verbal communication skills for reporting, documentation, and stakeholder interaction.
Ability to work effectively in a team environment and collaborate with diverse technical teams.
Soft Skills:
High level of integrity and professional ethics.
Ability to work under pressure and manage multiple priorities.
Proactive and self-motivated with a strong desire to learn and grow in the cybersecurity field.
Adaptability to rapidly evolving threat landscapes and technologies.



Job Detail

  • Job Id
    JD3919269
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Vadodara, Gujarat, India
  • Education
    Not mentioned
  • Experience
    Year