Soc Analyst jobs

Your opportunity

• Real-Time Monitoring: Monitor SIEM consoles, intrusion detection systems, and endpoint security tools continuously to identify anomalous or malicious activity across networks, endpoints, and cloud environments.
• Alert Triage: Triage incoming security alerts by determining severity and validity. Quickly filter out false positives and identify true security incidents. Follow documented playbooks to decide initial containment steps or further investigation.
• Log Analysis: Collect and analyze logs from multiple sources (e.g., firewalls, IDS/IPS, EDR, antivirus, email security, and system logs) to investigate alerts and find indicators of compromise.
• Documentation: Document all actions taken during alert triage and incident handling in the incident management or ticketing system, ensuring accuracy and thoroughness in recording findings, steps taken, and handoff notes.
Threat Intelligence Utilization:
• threat intelligence feeds and known Indicators of Compromise (IOCs) to enrich alert analysis. Keep track of emerging threats (common malware, phishing campaigns, etc.) and use this knowledge to improve triage decisions.
• Shift Handover: Participate in shift handoff briefings at the start and end of shifts to communicate ongoing incidents, ensure continuity, and maintain situational awareness between 24/7 rotating shifts.
• Compliance & SOP Adherence: Adhere to all SOC policies, security standards, and service-level agreements for incident response (e.g., required response times). Ensure that daily actions and documentation meet any regulatory or audit requirements relevant to the financial industry

What you have

• Education & Experience: Bachelor’s degree in Cybersecurity, Computer Science, Information
• Technology or a related field, or equivalent work experience. Approximately 0–2 years of experience in a security operations, IT support, or network/system administration role (entry-level candidates with strong fundamental knowledge are acceptable).
• Technical Foundations: Basic understanding of computer networks (TCP/IP, ports, routing) and operating systems (Windows/Linux). Familiarity with common cyber-attack types (malware, phishing, network intrusion) and fundamental concepts of incident response.
• Hands-On Skills: Exposure to security monitoring tools such as Security Information and Event
• Management (SIEM) platforms (e.g., Splunk, IBM QRadar, Microsoft Sentinel) and basic knowledge of Endpoint Detection & Response (EDR) tools or intrusion detection systems. Ability to perform basic log queries and understand security alerts’ output
• Analytical Ability: Demonstrated problem-solving skills and attention to detail. Comfortable following procedures to analyze data and identify abnormalities.
• Certification: CompTIA Security+ certification (highly preferred, or ability to obtain within 6–12 months of hire). This certification indicates a solid foundation in cybersecurity concepts suitable for an entry level SOC role.

• Additional Skills: Basic scripting or programming experience (e.g., Python, PowerShell) to automate simple tasks or parse logs is a plus.
• Knowledge of Security Tools: Familiarity with any ticketing or case management system for tracking incidents. Experience with network monitoring tools or vulnerability scanners is a bonus.
• Exposure to Best Practices: Awareness of cybersecurity frameworks or standards (like MITRE ATT&CK for understanding attack techniques, or ITIL for service management) at a conceptual level.
• Extra Certifications: Completion of the CompTIA Cybersecurity Analyst (CySA+) or GIAC GSEC certifications is a plus, as these indicate an expanding skill set in security monitoring and analysis beyond the basics.