What Will You Do
- Monitor security events and alerts using SIEM platforms such as Microsoft Sentinel, Splunk, Wazuh, or Google SecOps.
- Analyze and triage security alerts based on severity and potential impact.
- Conduct initial investigations of suspicious activities and potential security incidents.
- Collaborate with other security teams to escalate and mitigate incidents.
- Document investigation findings and assist in incident reporting.
- Support the development and maintenance of SOC playbooks and response procedures.
- Perform basic threat hunting based on Indicators of Compromise (IoCs).
- Assist in system patching and hardening based on security monitoring insights.
What Will You Need
- 1–3 years of experience in cybersecurity or IT support.
- Familiarity with at least one SIEM platform (Sentinel, Splunk, Wazuh, or Google SecOps).
- Basic understanding of TCP/IP, firewalls, IDS/IPS, and Windows/Linux systems.
- Strong log analysis and incident troubleshooting skills.
- Foundational knowledge of OWASP Top 10 and MITRE ATT&CK framework.
Nice to Have
- Certifications such as CompTIA Security+, SC-200, or CEH.
- Experience with tools like Sysmon, Suricata, or Azure Monitor.
- Basic scripting skills (Python, PowerShell, Bash).
- Exposure to cloud environments (Azure, AWS, GCP).
SOC Operational Focus
- Monitoring & Detection: Utilize SIEM to detect anomalies and potential attacks.
- Incident Response: Manage incidents from detection to resolution.
- Log Analysis: Analyze logs from firewalls, endpoints, servers, and applications.
- Threat Intelligence: Leverage threat intel feeds for contextual analysis.
- Reporting: Prepare daily and weekly security status reports.
Work Schedule
This role operates in two rotational shifts during working days:
(Morning): 7:00 AM – 4:00 PM
(Afternoon): 1:00 PM – 10:00 PM
