2 - 6 years

4.0 - 8.0 Lacs P.A.

Tiruchirapalli, Bengaluru

Posted: 2 weeks ago | Platform: Naukri

Skills Required

Unix, Linux, Shell scripting, Active Directory, DNS, Network security, Windows, Troubleshooting, Microsoft, DHCP

Work Mode

Work from Office

Job Type

Full Time

Job Description

A SOC Analyst is the first line of defence in a Security Operations Center, responsible for monitoring, detecting, and responding to security incidents in real time.

Responsibilities

- Use SIEM and EDR tools to continuously monitor system alerts and network traffic.
- Identify suspicious activities and indicators of compromise (IoCs).
- Perform initial triage of alerts and determine severity levels.
- Escalate incidents with clear documentation and context.
- Investigate alerts for root causes and determine actionable steps.
- Analyze phishing attempts, flagged URLs, and suspicious file attachments.
- Maintain detailed incident logs and generate regular security activity reports.
- Assist in creating playbooks and refining response workflows.
- Work with IT teams to remediate vulnerabilities and support compliance audits.
- Participate in war-room discussions during critical incidents.
- Perform root cause analysis to distinguish false positives from genuine threats.
- Correlate data from diverse sources to identify complex attack vectors.
- Leverage threat intelligence feeds to compare alerts with known signatures.
- Identify emerging threats and communicate insights to senior analysts.
- Hands-on experience with SIEM platforms (e.g., Splunk, QRadar) and EDR tools (e.g., CrowdStrike, Carbon Black).
- Basic scripting knowledge for automating repetitive SOC tasks.
- Stay updated on the latest cyber threats, tools, and techniques.
- Contribute to continuous improvement of SOC processes and detection capabilities.
- Strong communication skills for effective coordination with cross-functional teams.
- Mentor junior team members to foster team growth and resilience.

Requirements

Tech degree or equivalent (B.Tech/MCA/BCA/M.Tech).

Skills

- Familiarity with SIEM platforms (Splunk, Azure Sentinel) and EDR tools (Microsoft Defender, SentinelOne).
- Basic understanding of IDS/IPS, vulnerability scanning tools (Nessus, Qualys), and packet analysis tools (Wireshark).
- Firewalls and Network Security: solid understanding of TCP/IP, DNS, DHCP, ARP, HTTP/HTTPS, and other protocols; knowledge of packet capture and analysis tools like Wireshark or tcpdump.
- Operating Systems: Windows (event logs, registry analysis, PowerShell basics); Linux/Unix (command-line utilities, syslogs, and basic shell scripting in Bash, Python, etc.).
- Active Directory (AD).
- Vulnerability Management: basic understanding of vulnerability scanning tools like Nessus, Qualys, or OpenVAS.
- Knowledge of collecting and analyzing evidence (e.g., memory dumps, disk images).
- Certifications. Mandatory: Certified Ethical Hacker (CEH). Preferred: CompTIA Security+, Certified SOC Analyst (CSA), or GSEC.
- Strong communication and documentation skills, with the ability to work collaboratively with other teams.
- Strong analytical and troubleshooting skills to address complex security incidents effectively.