SOC Analyst – Level 1 (L1)
Key Responsibilities
- Monitor security alerts and events generated by the SIEM on a continuous basis.
- Perform initial triage and classification of alerts to determine true positives, false positives, and priority level.
- Escalate confirmed or high-priority incidents to L2/L3 analysts following defined escalation procedures.
- Document all analyzed alerts and actions taken in the case management system (DFIR-IRIS).
- Execute pre-approved response playbooks/workflows via the SOAR platform SOAR under L2 guidance.
- Perform basic enrichment of alerts using threat intelligence data Thread Intel — e.g., checking IP/domain/hash reputation.
- Monitor dashboards for system health, agent connectivity, and log ingestion status.
- Follow standard operating procedures (SOPs) and playbooks for common alert types (malware, brute force, policy violations, etc.).
- Maintain shift handover logs and communicate ongoing issues to the next shift.
- Assist in the creation and refinement of detection rules and reports as directed by senior analysts.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, IT, Cybersecurity, or equivalent experience.
- 0–2 years of experience in a SOC or IT security role.
- Basic understanding of networking concepts (TCP/IP, DNS, HTTP/S, firewalls).
- Familiarity with common attack techniques (phishing, malware, brute force) and the MITRE ATT&CK framework (basic level).
- Basic knowledge of SIEM tools (Wazuh or similar) and log analysis.
- Good verbal and written communication skills for shift handovers and reporting.
- Ability to work rotational shifts, including nights/weekends.
SOC Analyst – Level 2 (L2)
Key Responsibilities
- Investigate and analyze incidents escalated by L1 analysts, performing deeper root-cause and impact analysis.
- Solid understanding of networking, operating systems (Windows/Linux), and common attack vectors.
- Lead incident response activities, coordinating containment, eradication, and recovery actions.
- Correlate data across SIEM, threat intelligence, and case management to build a complete picture of an incident.
- Design, build, and refine automated response workflows/playbooks in SOAR to improve response times and reduce manual effort.
- Perform threat hunting activities based on emerging threat intelligence, IOCs, and TTPs (Tactics, Techniques, and Procedures).
- Tune and refine SIEM correlation rules to reduce false positives and improve detection accuracy.
- Manage and update case records in , ensuring thorough documentation of evidence, timeline, and remediation steps.
- Conduct malware analysis (static/basic dynamic) and file/system forensics when required.
- Review and validate vulnerability scan results and SCA (Security Configuration Assessment) findings, prioritizing remediation with system owners.
- Mentor and provide technical guidance to L1 analysts, reviewing their triage decisions and providing feedback.
- Prepare detailed incident reports and executive summaries for management/client review.
- Contribute to the continuous improvement of SOC processes, playbooks, and detection content.
- Liaise with IT/infrastructure teams during incident containment and remediation activities.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, IT, Cybersecurity, or equivalent experience.
- 1–2+ years of experience in a SOC, incident response, or security analyst role.
- Solid understanding of networking, operating systems (Windows/Linux), and common attack vectors.
- Hands-on experience with SIEM platforms (Wazuh preferred), log analysis, and correlation rule tuning.
- Experience with SOAR platforms (Shuffle or similar) for workflow automation.
- Familiarity with threat intelligence platforms (MISP) and applying IOCs/TTPs in investigations.
- Experience with case management/incident response platforms (DFIR-IRIS or similar).
- Strong understanding of the MITRE ATT&CK framework and its application in detection/investigation.