SOC Analyst (Level 1)

About The Position

Requirements

• 0–2 years in a SOC / security monitoring / IT operations role (or equivalent hands-on experience, internships, labs).
• Practical knowledge of security fundamentals: networking, DNS, HTTP(S), identity/authentication, and malware basics.
• Familiarity with log investigation and event triage concepts.
• Familiarity with common security tools and workflows (any of the following): SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing (Jira/ServiceNow), basic SOAR concepts.
• Strong written communication: produce clear, escalation-ready tickets and timelines.
• Ability to work rotating shifts/on-call (as required), including weekends/holidays depending on coverage model.

Nice To Haves

• Cloud security exposure (AWS/GCP/Azure): CloudTrail/Activity Logs, IAM analysis, detections for token/key misuse.
• Familiarity with incident response frameworks/processes (e.g., NIST incident response guidance).
• Exposure to detection engineering concepts (rule tuning, false-positive reduction), or basic scripting (Python/Bash) for investigation automation.
• Knowledge of the digital-asset ecosystem (exchanges, custody concepts, operational risk in 24/7 trading environments).
• Certifications (optional): Security+, Blue Team Level 1, SSCP, or equivalent practical training.

Responsibilities

• 24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; identify false positives vs. credible threats and set appropriate severity.
• Initial investigation and enrichment: gather relevant logs/telemetry, add context, and document findings clearly in the case/ticketing system.
• Escalation and coordination: escalate confirmed/suspected incidents quickly and cleanly to L2/IR with a complete handoff (timeline, scope, IOCs, actions taken).
• Runbook execution: follow SOPs for common events (phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, data exfiltration signals), including containment actions you’re authorized to perform.
• Threat-aware analysis: map alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to improve understanding and escalation quality.
• Operational hygiene: maintain accurate shift handovers, update watchlists and investigation notes, and identify recurring alert patterns for tuning recommendations.

Benefits

• Work in a fast-moving, globally distributed environment shaping the future of digital financial markets.
• A culture that expects ownership, learning, and continuous improvement.