Summary
The SOC Analyst is responsible for continuous security monitoring, alert triage, incident investigation, and Incident Response (IR) activities across the organization’s environment. The role involves identifying, analyzing, containing, eradicating, and recovering from cybersecurity incidents while ensuring proper execution of all Incident Response lifecycle processes.
The SOC Analyst will investigate alerts, incidents, and security incidents generated from SIEM platforms and ticketing systems, perform proactive threat hunting, improve detection visibility through SIEM fine-tuning and engineering, and coordinate remediation activities with internal stakeholders. The role also requires leading incident bridge calls, driving remediation efforts, and ensuring timely closure of security incidents in alignment with organizational security policies and SLAs.
________________________________________
Key Responsibilities
1. Security Monitoring & Alert Investigation
• Monitor and investigate security alerts, incidents, and security incidents from SIEM platforms and ticketing systems.
• Analyze and triage alerts, incidents, and security incidents to determine legitimacy, severity, scope, and impact.
• Correlate logs and events from multiple security tools including EDR, firewalls, IDS/IPS, cloud platforms, and endpoint systems.
• Escalate validated threats and critical incidents according to defined procedures.
• Ensure timely response and resolution within agreed SLAs.
________________________________________
2. Incident Response (IR) & Security Incident Handling
• Execute all stages of the Incident Response lifecycle:
    ◦ Preparation
    ◦ Identification
    ◦ Containment
    ◦ Eradication
    ◦ Recovery
    ◦ Lessons Learned
• Investigate and respond to cybersecurity incidents including malware infections, phishing attacks, unauthorized access, insider threats, and suspicious activities.
• Perform root cause analysis and determine attack vectors, impacted assets, and remediation actions.
• Coordinate containment and recovery activities with infrastructure, network, endpoint, and application teams.
• Maintain proper incident documentation, evidence collection, timelines, and response records.
• Support post-incident review and improvement activities.
________________________________________
3. SIEM Fine-Tuning & Security Engineering
• Fine-tune SIEM use cases, correlation rules, parsers, dashboards, and alerting mechanisms.
• Reduce false positives and improve detection accuracy and operational efficiency.
• Enhance monitoring visibility by onboarding new log sources and improving telemetry coverage.
• Identify monitoring gaps and recommend improvements to security controls and detection capabilities.
• Support automation and security orchestration initiatives.
________________________________________
4. Threat Hunting
• Conduct proactive threat hunting activities to identify advanced threats and hidden malicious behavior.
• Utilize threat intelligence, IOC analysis, behavioral analytics, and MITRE ATT&CK techniques during investigations.
• Develop and execute threat hunting hypotheses and detection queries.
• Identify anomalous activities and improve detection logic based on findings.
• Provide recommendations to strengthen the organization’s security posture.
________________________________________
5. Stakeholder Coordination & Incident Management
• Drive and lead incident bridge calls with internal and external stakeholders during active security incidents.
• Coordinate remediation and recovery activities with technical teams and business owners.
• Provide regular incident status updates, technical findings, and remediation recommendations.
• Track remediation actions and ensure timely closure of security incidents.
• Participate in operational and management reporting activities.
________________________________________
Day-to-Day Activities
• Monitor SIEM dashboards, alerts, and incident queues.
• Investigate suspicious events and validate security alerts.
• Respond to and manage security incidents following IR processes.
• Perform log analysis, event correlation, and root cause analysis.
• Fine-tune SIEM rules and improve detection visibility.
• Conduct proactive threat hunting and IOC analysis.
• Lead incident response and remediation coordination calls.
• Create and maintain SOPs, playbooks, and operational documentation.
• Update tickets, incident records, and investigation reports.
• Collaborate with stakeholders to ensure timely remediation and recovery.
________________________________________
Required Skills & Experience
Technical Skills
• Hands-on experience with SIEM platforms such as Splunk, QRadar, Sentinel, ArcSight, or similar.
• Strong understanding of Incident Response processes and security operations workflows.
• Knowledge of EDR/XDR, IDS/IPS, firewalls, antivirus, and endpoint security solutions.
• Familiarity with MITRE ATT&CK framework and threat hunting me
Posted: Jun 16, 2026
Type: Full-time
Level: Not Applicable
Location: Greater Chennai Area
Company: Visionet Systems Inc.