Security Operations Center Analyst

Role Overview

Key Responsibilities

• Continuous monitoring of SIEM dashboard (within the shift period) for incoming alerts across all integrated log sources like network, endpoint, identity, cloud, email, etc.
• Perform first-level triage for each alert by following approved SOPs and playbooks.
• Determine whether the alert is a true positive/ false positive, and classify initial incident priority (P1-P4) based on the severity matrix defined in the SOP and escalate to L2 for further investigation
• Conduct initial enrichment through basic context-gathering like checking the source/destination, reading the raw logs, looking up an IP or hash, confirming whether an asset or user is in scope.
• When an alert is a confirmed or suspected true positive, escalate to L2 with complete, structured case notes (what was seen, what was checked, timestamps, and why it's being escalated)
• Record every action, timestamp, in the ticketing system (ITSM)
• Maintain shift handover logs and meet SLA targets for alert acknowledgment and initial triage.

Required Skills & Experience

• 1–3 years of experience in a Security Operations Centre or security monitoring role.
• Hands-on experience with one or more SIEM platforms: Google Chronicle/SecOps, Splunk, Microsoft Sentinel, IBM QRadar, ArcSight, or LogRhythm.
• Hands-on experience with SOAR platforms: Palo Alto XSOAR, Splunk SOAR, IBM Resilient, or equivalent.
• Working knowledge of common attack techniques and MITRE ATT&CK framework.
• Ability to read and interpret log data across network, endpoint, and cloud sources.
• Understanding of alert triage methodology and escalation criteria.
• Basic knowledge of networking protocols: TCP/IP, DNS, HTTP/S, and firewall log interpretation.
• Strong documentation discipline and attention to detail.

Behavioural & Operational Requirements

• Willingness to work in a 24x7 shift-based environment including nights, weekends, and public holidays.
• Flexible and adaptable to rotational shift schedules and short-notice coverage needs.
• Strong team player — ability to collaborate effectively across shift teams and hand over cases with full context and clarity.
• Maintains composure and consistent performance under high-alert-volume conditions.

Education

• Minimum qualification required:
• Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical discipline.
• Master’s Degree in Cybersecurity or Computer Science is an added advantage.

Preferred Qualifications

• EC-Council Certified Security Analyst (ECSA)

• CompTIA Security+
• CC (ISC²) or equivalent industry-recognized certification

Additional

• Exposure to Agentic AI tools or AI-assisted SOC workflows — including LLM-based alert triage assistants, AI-driven investigation copilots, or automated threat summarization tools.
• Familiarity with ticketing tools such as ServiceNow or JIRA.
• Prior experience in a 24x7 shift-based SOC or MSSP environment.