Security Operations Analyst

Teamware Solutions
Hyderabad | 4-7 LPA | Posted 16 Jul 2025
Full time
Firewalls
DLP
IDS/IPS
Linux
Communication

Job Description

Key Responsibilities:

  • Monitor and respond to alerts from SIEM systems (e.g., Splunk, Microsoft Sentinel, QRadar) and other security monitoring tools.
  • Analyze and investigate potential security incidents, perform root cause analysis, and escalate as needed.
  • Assist in the incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
  • Conduct threat hunting activities using logs and threat intelligence sources.
  • Maintain and tune SOC tools, including SIEMs, EDRs (e.g., CrowdStrike, SentinelOne), firewalls, and IDS/IPS.
  • Document findings, create incident reports, and support post-incident reviews.
  • Collaborate with IT, network, and application teams to enforce security policies and mitigate vulnerabilities.
  • Stay current with emerging threats, vulnerabilities, and mitigation techniques.
  • Contribute to playbooks and runbooks to improve operational efficiency.
  • Support audits, compliance reporting (e.g., SOC 2, ISO 27001), and vulnerability assessments.

Qualifications and Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 2+ years of experience in a SOC or cybersecurity analyst role.
  • Familiarity with security tools and concepts including:
      • SIEM platforms (e.g., Splunk, Sentinel)
      • EDR solutions (e.g., CrowdStrike, Defender for Endpoint)
      • Firewalls, IDS/IPS, DLP
      • MITRE ATT&CK, NIST, and OWASP frameworks
  • Working knowledge of Windows/Linux operating systems and network protocols.
  • Ability to interpret logs and data from multiple sources (network, endpoint, cloud, etc.).
  • Strong problem-solving, communication, and documentation skills.
  • Ability to work in a fast-paced, 24x7 security operations environment.