Cyber Threat Defense
SOC Analyst - Level 1
Cyber Threat Defense · Romania · posted 2 hours ago
Full-time · Information Technology

Company Description

CT Defense offers expert cybersecurity services to protect businesses, guaranteeing security while helping them stay competitive in a constantly evolving digital landscape.


Role Summary

As a SOC Analyst - Level 1, you are the first line of defense in monitoring and protecting our customers’ and organization’s IT environments. You will work in a 24/7 Security Operations Center, triaging security alerts, performing initial investigations, documenting findings, and escalating incidents according to established procedures.


Key Responsibilities

  • Monitor security events from SIEM, EDR, firewall, IDS/IPS, email security, cloud security tools, etc.
  • Triage alerts to distinguish true security incidents from false positives, following defined playbooks and use cases.
  • Perform initial investigations, including:
      • Checking source IPs, users, endpoints, URLs, domains.
      • Reviewing event timelines and correlating logs.
      • Gathering context from internal systems and threat intelligence sources.
  • Escalate incidents to Level 2/3 SOC analysts or other teams based on severity, scope, and impact.
  • Document activities clearly and accurately in tickets/cases, including steps taken, observations, and recommendations.
  • Follow runbooks and SOPs for common incident types (e.g. phishing, malware, brute force, account lockouts, suspicious logins).
  • Support incident response by collecting evidence (logs, screenshots, artifacts) as requested.
  • Contribute to continuous improvement by:
      • Reporting noisy rules and false positives.
      • Suggesting tuning opportunities and playbook improvements.
  • Maintain awareness of current threats, attack techniques, and security best practices.


Required Skills & Qualifications

  • 0–2 years experience in IT, cybersecurity, SOC, NOC, or helpdesk (internships / labs accepted).
  • Basic understanding of:
      • Networking (TCP/IP, DNS, HTTP, VPN, routing).
      • Operating systems (Windows, Linux) fundamentals.
      • Security concepts: malware, phishing, brute-force, privilege escalation, lateral movement, etc.
  • Familiarity with at least one of:
      • SIEM platforms (e.g. Splunk, Microsoft Sentinel, QRadar, Elastic).
      • EDR/XDR tools.
      • Firewall / IDS / IPS logs.
  • Ability to analyze logs and identify suspicious behavior.
  • Strong attention to detail and analytical thinking.
  • Good written and verbal communication in [language].
  • Willingness to work in shifts (24/7 rotation, weekends/holidays as needed).
  • Relevant certifications are a plus (e.g. Security+, CCNA, AZ-900, SC-200, CEH, or similar).


Personal Attributes

  • Curious and eager to learn; stays interested in how attacks work.
  • Calm under pressure, able to handle multiple alerts at once.
  • Team player, open to feedback and mentoring.
  • Reliable, process-oriented, and disciplined with documentation.


What We Offer

  • Exposure to real-world security incidents and modern security technologies.
  • Training, mentoring, and a clear growth path to Level 2/3 SOC roles, incident response, threat hunting, or cloud security.
  • Competitive salary and benefits package.