Description:
The SOC Analyst is responsible for monitoring, detecting, analyzing, and responding to cybersecurity events and incidents. This role is critical to the Security Operations Center's mission to protect client environments by identifying threats, minimizing risks, and ensuring timely escalation and remediation of security incidents.
What You'll Do:
- Monitor security alerts and events from SIEM, EDR, IDS/IPS, firewalls, and other security technologies.
- Perform triage and analysis of security events to determine severity, impact, and root cause.
- Document and escalate incidents per defined incident response procedures.
- Execute initial containment and remediation steps based on defined playbooks.
- Maintain situational awareness of current threats and vulnerabilities.
- Provide detailed and accurate incident reports for clients and internal stakeholders.
- Collaborate with incident response, threat intelligence, and engineering teams for deeper investigations and response activities.
- Create and maintain knowledge base articles, detection runbooks, and escalation workflows.
- Participate in after-hours/on-call rotation, if required.
Qualifications:
- Bachelor’s Degree from an accredited university or equivalent years of experience.
- A minimum of 2 years of experience in a SOC, cybersecurity, or IT security operations role.
- Familiarity with SIEM tools (e.g., Splunk, Sentinel, LogRhythm), EDR platforms (e.g., CrowdStrike, SentinelOne), and general networking concepts.
- Understanding of common attack vectors (e.g., phishing, ransomware, lateral movement).
- Strong analytical, investigative, and problem-solving skills.
- Experience with ITSM systems (e.g., ServiceNow, ConnectWise, FreshService).
- Background in Managed Services Provider (MSP) or similar customer-facing IT support environment.
- Excellent written, verbal, and interpersonal communication skills
- High adaptability to change and a customer-first mindset.
- Strong documentation habits and a commitment to knowledge-sharing.
- Familiarity with frameworks such as NIST, MITRE ATT&CK, and CIS Controls.
- Participate in a scheduled on-call rotation to provide after-hours escalation support for critical incidents, ensuring timely resolution and communication.