SOC Tier 1 Analyst

About The Position

Requirements

• 1-3 years of experience in cybersecurity, IT operations, help desk, networking, systems administration, or SOC monitoring.
• Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
• Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
• Ability to follow runbooks, validate alerts, document findings, and escalate issues accurately and promptly.
• Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
• Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.

Responsibilities

• Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
• Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
• Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
• Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.
• Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
• Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
• Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
• Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.
• Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
• Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
• Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
• Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.
• Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
• Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
• Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
• Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.
• Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
• Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
• Contribute operational observations and recurring alert patterns to process improvement discussions.