SOC Analyst-Tier 1 (R-00068)

Tier 1 SOC Analyst Responsibilities

• The ability to perform triage on all security related events
• Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate/needed
• The ability to determine the extent and remediation of security events 
• Refinement/improvement of existing use cases/alerting with Tier 2 
• Perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems. 
• Track and communicate reported events for numerous different security platforms, operating systems, databases, and management systems. 
• Review existing security events and propose refinements as necessary 
• Improve and implement indicators and protections across platforms, operating systems, databases, and management systems. 
• The ability to perform general operational and maintenance tasks for the organization
• Performing reviews of previously blocked domains/IPs 
• Generating datasets for later analysis by other members of the team 
• Generate reports on a scheduled basis to document findings and remediation efforts, to include recommendations to the system owners 
• Following defined procedures for metrics generation  
• The ability to provide the first line communication for events into the SOC 
• Handle or escalate emails send to the SOC
• Handle or escalate incoming phone calls to the SOC
• The ability to communicate professionally on all security events should they arise
• Document a description of each event handled and store the artifacts related to the handling of those events within the ticketing system 
• Work collaboratively with various stakeholders to investigate events of interest and incidents 

Tier 1 SOC Analyst Requirements

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience perferred). 
• Proven experience (2+ years) in a SOC or security-related role, with a focus on incident monitoring, analysis, and response. 
• Familiarity with security technologies and tools such as SIEM, IDS/IPS, firewalls, antivirus, and endpoint protection systems. 
• Understanding of common network protocols (TCP/IP, DNS, HTTP, etc.) and their role in security monitoring. 
• Knowledge of security incident response methodologies and best practices. 
• Familiarity with various operating systems (Windows, Linux, etc.) and their security features. 
• Basic understanding of malware analysis and its impact on security incidents. 
• Strong analytical and problem-solving skills, with the ability to work under pressure and meet tight deadlines. 
• Excellent communication skills, both written and verbal, with the ability to effectively document and report on security incidents. 
• Security certifications such as CompTIA Security+, GCIH, or GCIA are highly desirable. 
• Experience with threat hunting and proactive detection techniques. 
• Familiarity with log analysis and familiarity with log management tools. 
• Understanding of common cybersecurity frameworks such as NIST, ISO 27001, or CIS Controls. 
• Knowledge of scripting languages (Python, PowerShell, etc.) for automation and data analysis. 
• Familiarity with cloud platforms and their impact on SOC operations (e.g., AWS, Azure, GCP). 
• Ability to work collaboratively in a team environment and effectively communicate with technical and non-technical stakeholders. 
• Continuous learning mindset and a passion for staying up to date with the latest cybersecurity trends and technologies.