Analyst

We are seeking Level 1 Security Operations Analysts for our Security Operations Center (SOC) at client end to provide 24x7 security monitoring, detection, and initial incident response. The ideal candidates will have hands-on experience in security operations, specifically with Microsoft Sentinel, and will be responsible for monitoring alerts, performing initial triage, and escalating incidents as needed. This role is part of a 24x7 rotational shift schedule to ensure continuous coverage.

Key Responsibilities:

• Monitor Microsoft Sentinel for security alerts and events on a 24x7 basis.
• Perform initial triage and analysis of security events, including prioritization and escalation based on defined incident response procedures.
• Identify potential security incidents, false positives, and provide recommendations for mitigation or escalation to L2 SOC analysts.
• Leverage KQL queries for investigations.
• Document incidents, investigation results, and actions taken in the ticketing system.
• Follow established SOC processes and playbooks for effective incident response.
• Support continuous improvement by identifying gaps in monitoring and detection.
• Monitoring of other security tools such EDR - CrowdStrike, AWS Security Alerts for level 1 analysis based on the defined playbooks.
• Flexible in following updated playbooks as the security landscape changes.

Work Schedule:

• This is a 24x7 rotational shift position, which includes nights, weekends, and holidays.
• Candidates must be flexible and willing to work varying shifts to ensure consistent coverage.

Required Qualifications:

• 1-3 years of experience in a Security Operations Center (SOC) or a similar environment.
• Hands-on experience with Microsoft Sentinel for security monitoring and alert triage.
• Basic knowledge of cybersecurity concepts, threat detection, and incident response.
• Knowledge of other security technologies such as EDR, Cloud Security Platforms, Network Security etc.
• Familiarity with KQL (Kusto Query Language) for log analysis and alert tuning.
• Strong analytical skills and the ability to work under pressure during security incidents.
• Excellent communication skills, both written and verbal.

Preferred Qualifications:

• Experience with SIEM platforms beyond Microsoft Sentinel (e.g., Splunk, QRadar) is a plus.
• Relevant cybersecurity certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst).

Knowledge, Skills, and Abilities (NICE Framework)

Aligned with the NIST NICE framework for an L1 SOC Analyst role:

Knowledge (K):

• K0001: Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0004: Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information.
• K0058: Knowledge of incident response and handling methodologies.
• K0103: Knowledge of SIEM tools, specifically Microsoft Sentinel.

Skills (S):

• S0001: Skill in monitoring and analyzing logs for suspicious activity.
• S0005: Skill in assessing the validity and priority of security alerts.
• S0138: Skill in identifying false positives and tuning detection rules.
• S0027: Skill in using KQL (Kusto Query Language) to query logs and alerts in Microsoft Sentinel.

Abilities (A):

• A0006: Ability to analyze security events to detect potential threats.
• A0050: Ability to perform initial incident triage and escalate based on impact.
• A0039: Ability to work collaboratively within a SOC team, particularly in a high-pressure, shift-based environment.
• A0062: Ability to document incident details clearly and accurately.

Soft Skills:

• Strong problem-solving abilities and keen attention to detail.
• Ability to work effectively within a team-oriented, fast-paced environment.
• Flexibility to adapt to changing priorities and shifts.