Security Analyst

Role
Overview

The SOC L1
Analyst is responsible for 24x7 security monitoring, alert triage, and initial
investigation across enterprise security tools including SIEM, EDR/XDR, Cloud,
DLP, DAM, and Email Security. The role focuses on early threat detection,
accurate classification, and timely escalation of security incidents in line
with defined SLAs and SOC procedures.

Key
Responsibilities

• Monitor and
  triage alerts from SIEM, EDR/XDR, Cloud (Azure/AWS), DLP, DAM, and Email
  Security platforms
  
• Perform
  initial validation and classification of alerts (True Positive / False Positive
  / Benign)
  
• Investigate
  common threats such as phishing, malware, brute force attacks, and anomalous
  logins etc.
  
• Conduct IOC
  enrichment and basic threat analysis (IP, domain, hash reputation checks)
  
• Perform basic
  endpoint investigation (process tree, file activity, command -line review)
  
• Analyze email
  security alerts, including phishing and header analysis
  
• Validate DLP
  alerts for potential data leakage and DAM alerts for unauthorized database
  access
  
• Create,
  update, and manage incident tickets in JIRA with proper documentation
  
• Follow SOC
  playbooks and escalate confirmed incidents to L2 within SLA timelines
  
• Collaborate
  with IT and security teams for incident validation and response support
  

· 

• 2 to 4 years
  of experience in a Security Operations Center (SOC) or similar role
  
• Bachelor’s
  degree in Cybersecurity, Computer Science, IT, or related field
  
• Hands -on
  experience with at least one SIEM platform (e.g., Sentinel, Splunk, QRadar) and
  EDR/XDR tools (e.g., Microsoft Defender, CrowdStrike, SentinelOne)
  
• Basic
  understanding of cloud security logs (Azure AD, AWS CloudTrail)
  
• Familiarity
  with DLP and DAM concepts
  
• Knowledge of
  email security and phishing analysis techniques
  
• Relevant
  certifications preferred: CompTIA Security+, CEH, CySA+, SC -200
  

Core
Competencies

• Strong
  understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, ports &
  protocols)
  
• Knowledge of
  common cyber threats: phishing, malware, ransomware, brute force etc.
  
• Basic
  awareness of MITRE ATT&CK framework
  
• Ability to
  analyze logs and correlate events across multiple tools
  
• Good
  understanding of incident triage and escalation workflows
  
• Strong
  analytical thinking and attention to detail
  
• Effective
  communication and documentation skills
  
• Ability to
  work in a 24x7 rotational shift environment