SOC Analyst

Insight Global
Arlington Heights, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior
Compensation
$ 85K

Job location

Arlington Heights, United States of America

Tech stack

JIRA
Computer Security
Issue Tracking Systems
Phishing
Security Information and Event Management
Web Applications
Software Security
Information Technology
Splunk
ServiceNow

Job description

The SOC Analyst I is a junior/associate-level, customer-facing role responsible for 24×7 monitoring, initial triage, and escalation of security events. The analyst helps protect the organization by reviewing alerts, investigating suspicious activity, executing documented playbooks, and supporting incident response activities. This role focuses on day-to-day security operations across multiple domains such as network, endpoint, email, and application security, while contributing to the continuous improvement of SOC processes, documentation, and incident handling practices.

  • Security Monitoring & Triage (60%)
    o Monitor SIEM/SOAR and security tool queues for alerts; perform initial triage, enrichment, and severity classification.
    o Investigate email-borne threats (phishing, malware, BEC indicators) using consoles and reports; quarantine/contain per playbooks.
    o Review WAF events (rules, thresholds, bot activity, anomalies), validate true/false positives, and escalate as needed.
    o Document every action, observation, and decision in ticketing systems with clear, reproducible notes.

  • Incident Response Support (25%)
    o Execute first-responder steps for high-fidelity alerts (isolation requests, account lockouts, message recalls, URL detonation, basic IOC searches).
    o Follow escalation paths to Incident Handlers/Engineers; participate in incident bridges and provide timely updates.
    o Preserve evidence (artifacts, timelines) and support post-incident review with accurate case documentation.

  • Operational Hygiene & Improvement (10%)
    o Maintain and improve playbooks/runbooks (email phishing, malware detonation, WAF false positive handling, brute force patterns).
    o Assist with routine health checks of SOC tools, dashboard hygiene, and alert tuning recommendations.
    o Contribute to automation opportunities and knowledge base articles.

  • Collaboration & Communication (5%)
    o Communicate clearly with senior analysts, engineers, and stakeholders; provide concise status and handoffs across shifts.

Requirements

  • 1-3 years of experience as a SOC or Incident Response Analyst.
  • Knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
  • Proficiency in cybersecurity EDR and SIEM tools, including CrowdStrike and Splunk.
  • Experience dealing with phishing/email threats, web application/WAF events, and incident response.

Nice to Have Skills & Experience

  • Bachelor's Degree in Cybersecurity, Computer Science, or related field, or equivalent experience.
  • Hands-on exposure to email quarantine workflows and user-reported phishing queues.
  • Exposure to WAF (security configs/policies, bot manager insights, anomaly logs, false positive review).
  • ITIL Foundations and ticketing platforms (e.g., ServiceNow/Jira).
  • Security certifications (e.g., Security+, CySA+, SSCP) or equivalent coursework/labs.

Benefits & conditions

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.