SOC Analyst

2 weeks ago

Kuwait City, Al Asimah | HealthCare Dynamics Gen. Trading Company W.L.L | Full time

We are seeking a skilled and driven SOC Analyst / Incident Responder to join our Cyber Security Operations Center. The successful candidate will be responsible for real-time monitoring, detection, analysis, and response to security events and incidents across our customers' environments. This role requires hands-on experience in security operations and incident handling, and a proactive approach to threat mitigation.

The position operates in a 24/7 shift environment, including rotational night and weekend shifts.

Key Responsibilities
  1. Real-Time Monitoring: Continuously monitor SIEM, EDR, NDR, and other security platforms to identify suspicious activities and potential threats.
  2. Alert Triage and Escalation: Analyze security alerts, determine their severity, and escalate as necessary based on established playbooks and SLAs.
  3. Incident Response: Take ownership of incidents, perform root cause analysis, contain threats, eradicate malicious artifacts, and support recovery efforts.
  4. Log and Event Analysis: Correlate events from multiple sources (firewalls, proxies, endpoints, cloud, identity platforms) to uncover attack patterns.
  5. Threat Hunting: Perform proactive threat hunting based on IOCs, behavioral analytics, and the MITRE ATT&CK framework.
  6. Tool Usage and Integration: Use SIEM platforms (e.g., Wazuh, Elasticsearch, Microsoft Sentinel), SOAR, EDR (e.g., CrowdStrike, SentinelOne, FortiEDR, Microsoft Defender), forensic tools (e.g., Velociraptor, FTK), and threat intelligence platforms (e.g., MISP).
  7. Documentation: Maintain detailed and accurate logs of incidents, response actions, and evidence collected. Prepare incident reports for internal and external stakeholders.
  8. Collaboration: Coordinate with L2/L3 analysts, threat hunters, and vulnerability management teams for in-depth analysis and resolution.
  9. Continuous Improvement: Contribute to playbook development, tuning of detection rules, and enhancing use case coverage.
Required Skills & Experience
  1. Log and Event Analysis: Proficient in reading and interpreting event logs (Windows Event Logs, Sysmon, Linux audit logs, firewall logs, DNS logs, etc.).
  2. Security Fundamentals: Strong understanding of networking concepts, TCP/IP stack, OSI model, and common attack vectors.
  3. SIEM Expertise: Familiarity with SIEM platforms such as Wazuh, OpenSearch, Microsoft Sentinel, etc., including writing detection rules and dashboards.
  4. Communication Skills: Strong verbal and written communication skills; ability to explain complex technical issues to varied audiences including customers and management.
  5. Analytical Thinking: Strong problem-solving skills with attention to detail and the ability to correlate events from multiple sources.
  6. Collaboration: Team-oriented mindset with the ability to work effectively with remote teams and cross-functional groups.
  7. Adaptability: Ability to work under pressure, prioritize tasks, and manage changing workloads and shift timings.
  8. Hands-on experience with incident handling lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned).
  9. Familiarity with forensic acquisition tools and live response techniques.
  10. Experience with malware sandboxing, IOC extraction, and reverse engineering basics.
  11. Ability to coordinate response actions across security layers: endpoint, network, cloud, identity.
  12. Understanding of TTP-based analysis and threat actor profiling using frameworks like MITRE ATT&CK and Diamond Model.
Work Environment and Shift Requirements
  1. Must be willing to work in a 24x7 environment including night shifts, weekends, and public holidays as part of a rotating roster.
  2. Flexibility to adjust to changing shifts based on operational needs.
Qualifications
  1. Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
  2. Security certifications such as CompTIA Security+, CySA+, CEH, ECIH, or Microsoft SC-200 are a plus.
Preferred Attributes
  1. Strong analytical and critical thinking skills.
  2. Ability to remain calm under pressure and respond decisively.
  3. Passion for cybersecurity and eagerness to learn and grow within the team.

Interested? Send your resume to hr@dts-solution.com
