Security Analyst L1

SOC Analyst L1

We are looking for a Security Analyst (L1) with minimum of 1 year of experience to join our Security Operations Center (SOC) team. The analyst will support 24x7 security monitoring, alert triage, and basic investigation of security events using SIEM and EDR/XDR tools.

Key Responsibilities

Security Monitoring

Monitor security alerts and logs using SIEM tools such as Microsoft Sentinel and LogRhythm

Monitor endpoint alerts from Microsoft Defender and CrowdStrike Falcon

Follow defined SOC runbooks and escalation procedures

Alert Triage & Investigation

Perform initial triage of security alerts to identify potential threats

Review logs, alerts, and indicators to determine if activity is malicious or a false positive

Collect basic investigation details and escalate confirmed or suspicious alerts to L2 analysts

Endpoint & Account Actions

Assist in basic response actions such as:

Endpoint isolation (with approval)

Blocking malicious IPs/domains

Account password resets (as per SOP)

Work closely with senior analysts during active incidents

Log Analysis & Learning

Review logs from sources like firewalls, Microsoft 365, and identity systems

Learn to use KQL queries for searching and filtering security logs

Understand attack patterns using the MITRE ATT&CK framework

Documentation & Reporting

Create and update incident tickets with clear notes and timelines

Maintain proper documentation of actions taken

Assist in post-incident reporting when required

Collaboration

Escalate alerts to L2 / Incident Response teams with proper evidence

Communicate clearly with SOC leads during shift handovers

Required Skills & Qualifications

Experience

13 years experience in SOC/Cybersecurity

Certifications (Preferred, Not Mandatory)

Microsoft SC-200 (Cybersecurity Operations Analyst)

CompTIA Security+

Any SOC / Blue Team training or certification

Employment Type

Full Time Permanent