SOC Analyst

Job Purpose

To support Security Operations by monitoring, detecting, analyzing, and responding to cybersecurity threats affecting the organization’s IT infrastructure, networks, and data. Focuses on incident response, SIEM-based detection engineering, SOAR implementation, and proactive threat hunting to improve detection capabilities, reduce response times, and enhance overall security operations effectiveness.

Key Result Responsibilities

• Investigates and responds to security incidents in a timely and effective manner.


• Performs deep-dive EDR analysis to identify threats and suspicious activities.


• Reduces Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through structured investigation workflows and adherence to established playbooks.


• Writes, tunes, and optimizes detection queries for threat detection and proactive hunting.


• Builds and maintains behavior-based detections to enhance threat visibility.


• Identifies and remediates detection gaps to strengthen monitoring coverage.

Key Result Responsibilities-Continued

• Performs alert tuning to reduce false positives and improve alert accuracy.


• Designs, implements, and maintains SOAR playbooks to automate repetitive SOC tasks.


• Integrates SOAR with SIEM, EDR, and threat intelligence platforms to streamline the end-to-end incident response workflow.


• Conducts threat hunts using SIEM and EDR telemetry to proactively identify potential threats.


• Collaborates with other analysts, threat intelligence teams, and IT/infrastructure teams during incident containment and remediation.

Qualifications (Academic, training, languages)

• Bachelor’s degree in Computer Science, Information Technology, Electronics, or a related engineering discipline.   


• Working knowledge of the MITRE ATT&CK framework and its application to detection coverage.


• Demonstrated experience writing and tuning SIEM detection rules with measurable improvement in alert fidelity.


• Fluent in English Language.


• Hands-on experience with EDR platforms including Microsoft Defender, CrowdStrike, or equivalent.


• Incident Response, Alert Triage, Threat Hunting, Malware Analysis, Ransomware Investigation.


• KQL (mandatory), SPL or equivalent SIEM query language.


• SIEM rule creation, behavioral analytics, alert tuning, false positive reduction.


• Hands-on experience designing and implementing SOAR playbooks.


• Workflow automation for alert enrichment and automated containment actions.


• Hands-on experience with SIEM platforms including Microsoft Sentinel, Datadog, Splunk, Securonix, LogRhythm, or equivalent.

Work Experience

• With 2–3 years of hands-on experience in a SOC or security operations environment


• Practical experience implementing or maintaining SOAR playbooks in a production SOC environment.