L1 SOC Analyst at Cyber Dome

  • Job Type Full Time
  • Qualification BA/BSc/HND
  • Experience
  • Location Lagos
  • Job Field ICT / Computer 

Role Summary

  • The L1 SOC Analyst provides first-line monitoring, triage, and incident escalation within the Security Operations Centre. 
  • The role focuses on continuous surveillance of security events, identifying suspicious activities, conducting basic investigation, and ensuring timely escalation to L2/L3 teams following approved playbooks and SLAs. 
  • The L1 Analyst is critical in maintaining 24/7 detection coverage and supporting the organization’s cybersecurity posture.

Key Responsibilities

Security Monitoring & Alert Handling

  • Monitor SIEM dashboards, alerts, and log sources in real time (Securonix, Splunk, Rapid7 InsightIDR, QRadar).
  • Perform initial triage of alerts based on severity and defined SOPs.
  • Validate false positives vs true positives using available tools.
  • Escalate incidents to L2/L3 and SOC Lead when thresholds are met.

Incident Response Support

  • Conduct first-level investigation of suspicious activity (e.g., brute force, malware detection, privilege misuse).
  • Gather evidence and document findings in JIRA.
  • Execute basic containment actions when permitted (e.g., isolate host, block IOC, disable account) following playbooks.

Log Management & Reporting

  • Review and analyze logs from endpoints, servers, cloud platforms, and applications.
  • Ensure all log sources are properly ingested and reporting successfully within the SIEM.
  • Generate daily SOC shift reports and handover documentation.

Threat Intelligence Consumption

  • Review threat intelligence feeds and correlate IOCs with observed alerts.
  • Report emerging or unusual patterns to L2/L3 teams for further analysis.

Compliance & Operational Duties

  • Adhere strictly to SOC SOPs, runbooks, and escalation matrices.
  • Maintain accurate documentation, incident timelines, and evidence.
  • Participate in rotating shifts (day/night/weekend).

Required Skills & Competencies

Technical Skills

  • Foundational understanding of cybersecurity concepts (CIA triad, attack vectors, malware categories).
  • Basic knowledge of Windows, Linux, and networking fundamentals (TCP/IP, DNS, VPN, HTTP).
  • Experience or familiarity with SIEM platforms (Securonix, Splunk, Rapid7 InsightIDR).
  • Ability to interpret logs from endpoints, servers, authentication systems, and cloud environments.
  • Basic understanding of MITRE ATT&CK (awareness level).

Soft Skills

  • Strong analytical and problem-solving abilities.
  • High attention to detail and accuracy.
  • Ability to work under pressure and within strict SLAs.
  • Excellent communication and documentation skills.
  • Ability to follow instructions and escalate promptly.

Key Performance Indicators (KPIs)

  • Accuracy of alert triage.
  • SLA adherence for response and escalation.
  • Quality and completeness of JIRA documentation.
  • Compliance with SOC processes and shift discipline.
  • Reduction in false-positive escalations through effective triage.

Tools & Technologies Familiarity (Preferred)

  • SIEM: Securonix, Splunk, Rapid7 InsightIDR
  • EDR: CrowdStrike, Sophos, Microsoft Defender for Endpoint
  • Ticketing: JIRA
  • Threat Intel: VirusTotal, AbuseIPDB, OTX, ANY.RUN

Method of Application

Send Your CV Here: hr@cyberdome.net