SOC Analyst

Requirements

• Monitoring security events and alerts from multiple cybersecurity tools (SIEM, EDR, IDS/IPS, firewalls and others);
  
• Analysing and investigating security alerts to identify potential incidents or suspicious activities;
  
• Performing triage and classification of security incidents according to defined procedures;
  
• Executing initial response and containment actions whenever applicable;
  
• Escalating incidents to advanced security teams or responsible technical teams when necessary;
  
• Performing log analysis and event correlation using SIEM platforms;
  
• Documenting incidents, investigations and actions according to SOC processes;
  
• Contributing to the continuous improvement of detection rules and use cases;
  
• Supporting the fine tuning of security tools to reduce false positives;
  
• Collaborating with IT and cybersecurity teams in incident investigation and resolution.
  

• Experience in Security Operations (SOC) or security event monitoring;
  
• Knowledge of SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel or similar);
  
• Experience analysing security logs and network events;
  
• Knowledge of network protocols, operating systems and IT architecture;
  
• Familiarity with security tools such as: EDR / XDR, IDS / IPS, Firewalls, Endpoint protection solutions;
  
• Knowledge of security frameworks (MITRE ATT&CK, NIST or similar);
  
• Experience with security incident management processes.
  

• Experience with threat hunting or advanced incident analysis;
  
• Knowledge of security automation processes (SOAR);
  
• Experience with cloud environments (Azure, AWS or GCP);
  
• Relevant cybersecurity certifications such as CompTIA Security+, CySA+, GCIH or SC 200.