The SOC Analyst I is a junior/associate-level, customer-facing role responsible for 24×7 monitoring, initial triage, and escalation of security events. The analyst helps protect the organization by reviewing alerts, investigating suspicious activity, executing documented playbooks, and supporting incident response activities. This role focuses on day-to-day security operations across multiple domains such as network, endpoint, email, and application security, while contributing to the continuous improvement of SOC processes, documentation, and incident handling practices.
- Security Monitoring & Triage (60%)
o Monitor SIEM/SOAR and security tool queues for alerts; perform initial triage, enrichment, and severity classification.
o Investigate email-borne threats (phishing, malware, BEC indicators) using consoles and reports; quarantine/contain per playbooks.
o Review WAF events (rules, thresholds, bot activity, anomalies), validate true/false positives, and escalate as needed.
o Document every action, observation, and decision in ticketing systems with clear, reproducible notes.
- Incident Response Support (25%)
o Execute first-responder steps for high-fidelity alerts (isolation requests, account lockouts, message recalls, URL detonation, basic IOC searches).
o Follow escalation paths to Incident Handlers/Engineers; participate in incident bridges and provide timely updates.
o Preserve evidence (artifacts, timelines) and support post-incident review with accurate case documentation.
- Operational Hygiene & Improvement (10%)
o Maintain and improve playbooks/runbooks (email phishing, malware detonation, WAF false positive handling, brute force patterns).
o Assist with routine health checks of SOC tools, dashboard hygiene, and alert tuning recommendations.
o Contribute to automation opportunities and knowledge base articles.
- Collaboration & Communication (5%)
o Communicate clearly with senior analysts, engineers, and stakeholders; provide concise status and handoffs across shifts.
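The triage, enrichment, severity classification, brute-force pattern and WAF true/false-positive checks listed above are the kind of documented playbook logic an analyst at this level is expected to run and, over time, help automate. The script below is an added illustration written for this page, not code from the hiring organization or from any vendor tool. Every alert, IOC value and severity rule in it is constructed for the example; the thresholds (5 failures in 5 minutes) and the mapping from findings to "low/medium/high" are assumptions standing in for whatever the real playbook specifies.

```python
"""Added example: a minimal SOC triage pass over constructed SIEM-style alerts.
Steps mirror the playbook outline above: enrich each alert with IOC matches,
look for brute-force patterns, then assign a severity for the ticket."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicator list (assumption; a real SOC would pull this from TI feeds).
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"login-verify.example"}

BRUTE_FORCE_THRESHOLD = 5              # assumed playbook value: failures per window
BRUTE_FORCE_WINDOW = timedelta(minutes=5)


def _constructed_alerts():
    """Constructed data: 6 failed logins then a success from one IP, one phishing
    email from a listed domain, one blocked and one allowed WAF SQLi rule hit."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    alerts = []
    for i in range(6):
        alerts.append({"ts": t0 + timedelta(seconds=20 * i), "type": "auth_fail",
                       "user": "alice", "src_ip": "198.51.100.7"})
    alerts.append({"ts": t0 + timedelta(minutes=2), "type": "auth_success",
                   "user": "alice", "src_ip": "198.51.100.7"})
    alerts.append({"ts": t0 + timedelta(minutes=3), "type": "email",
                   "user": "bob", "sender_domain": "login-verify.example"})
    alerts.append({"ts": t0 + timedelta(minutes=4), "type": "waf", "rule": "sqli",
                   "src_ip": "203.0.113.45", "action": "block", "path": "/login?u=' OR 1=1--"})
    alerts.append({"ts": t0 + timedelta(minutes=5), "type": "waf", "rule": "sqli",
                   "src_ip": "192.0.2.10", "action": "allow", "path": "/search?q=O'Brien"})
    return alerts


SAMPLE_ALERTS = _constructed_alerts()


def enrich(alert):
    """Attach matched IOCs to the alert; returns the same dict with 'iocs' filled."""
    iocs = []
    if alert.get("src_ip") in IOC_IPS:
        iocs.append(("ip", alert["src_ip"]))
    if alert.get("sender_domain") in IOC_DOMAINS:
        iocs.append(("domain", alert["sender_domain"]))
    alert["iocs"] = iocs
    return alert


def detect_brute_force(alerts, threshold=BRUTE_FORCE_THRESHOLD, window=BRUTE_FORCE_WINDOW):
    """Return {(user, src_ip): {"failures": n, "followed_by_success": bool}} for every
    (user, src_ip) pair with >= threshold failures inside one window. A success after
    the burst is what separates noisy lockout tickets from a likely compromise."""
    fails, successes = defaultdict(list), defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a.get("user"), a.get("src_ip"))
        if a["type"] == "auth_fail":
            fails[key].append(a["ts"])
        elif a["type"] == "auth_success":
            successes[key].append(a["ts"])
    hits = {}
    for key, times in fails.items():
        # Sliding window: does any run of `threshold` consecutive failures fit in `window`?
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                last_fail = times[-1]
                followed = any(s > last_fail for s in successes.get(key, []))
                hits[key] = {"failures": len(times), "followed_by_success": followed}
                break
    return hits


def classify(alert, brute_force_hits):
    """Severity under an assumed rule set; a real playbook defines its own."""
    if alert["iocs"]:
        return "high"              # known-bad indicator: escalate
    if alert["type"] in ("auth_fail", "auth_success"):
        hit = brute_force_hits.get((alert.get("user"), alert.get("src_ip")))
        if hit and hit["followed_by_success"]:
            return "high"          # brute force that ended in a login
        return "medium" if hit else "low"
    if alert["type"] == "waf":
        if alert.get("action") == "block":
            return "low"           # control worked; keep for tuning stats
        return "medium"            # rule fired but request passed: validate TP/FP by hand
    if alert["type"] == "email":
        return "medium"
    return "low"


def triage(alerts):
    """Enrich, detect patterns, classify; return ticket-ready notes without mutating input."""
    enriched = [enrich(dict(a)) for a in alerts]
    hits = detect_brute_force(enriched)
    return [{"ts": a["ts"].isoformat(), "type": a["type"],
             "severity": classify(a, hits), "iocs": a["iocs"]} for a in enriched]


if __name__ == "__main__":
    for note in triage(SAMPLE_ALERTS):
        print(note)
```

Two details carry the security point. First, the brute-force check keys on the (user, source IP) pair and looks for a success after the burst of failures, which is the difference between a lockout ticket and an account compromise; the same helper can be rerun with a lower threshold across many users to spot password spraying. Second, the allowed WAF hit on `/search?q=O'Brien` is scored for manual validation rather than auto-escalated, since a single quote in a surname is a classic SQLi-rule false positive, and the note the analyst writes on that ticket is exactly the input the tuning recommendations in the hygiene bullets need.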
REQUIRED SKILLS AND EXPERIENCE
- 1-3 years of experience as a SOC or Incident Response Analyst
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
- Proficiency with EDR and SIEM tools, including CrowdStrike and Splunk
- Experience handling phishing/email threats, web application/WAF events, and incident response