Associate SOC L1 Analyst

Job Description

• Operate within SOC environment, to Analyze alerts and log data promptly and effectively. Assess the severity and impact of potential threats to accurately prioritize alerts and incidents.
• Monitor and analyze security information and event management (SIEM) tools like Microsoft Sentinel to identify potential security incidents and anomalies.
• Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.
• Execute swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems and prevent further compromise.
• Proactively participate in the creation and enhancement of processes and procedures such as Security Playbooks.
• Refine and optimize analytical rules within the Sentinel SIEM platform to reduce false positive alerts, enhancing the accuracy and efficiency of threat detection.
• Assist in vulnerability assessments and penetration testing activities. Evaluate and prioritise identified vulnerabilities for remediation by collaborating directly with customers.
• Maintain accurate records of incidents, investigations, and security-related activities within the incident management platform.
• Create detailed reports on security incidents, response actions taken, and recommendations for improvement.
• Research new concepts and present them to the internal team as well as customers.
• Security monitoring experience with one or more SIEM technologies, preferably Microsoft Sentinel. Knowledge of EDR solutions including Microsoft Defender.
• Strong understanding of Windows, Linux and cloud technologies including Microsoft Azure and Office365.
• Good understanding of security solutions including SIEMs, Web Proxies, Anti-Virus, Firewalls, VPN, authentication providers and mechanisms, encryption, IPS/IDS.
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols.
• The candidate must hold a degree in Computer Science, Information Security, or a related field, along with Microsoft Security Operations Analyst certification.