This role is part of the Security Operations team and requires strong understanding of threat hunting, incident response, and security monitoring. The analyst will collaborate with cross-functional IT teams to perform log analysis, monitor security dashboards, investigate incidents, and support vulnerability management and compliance activities.
• Continuously monitor security dashboards, SIEM alerts, and other security monitoring tools to identify potential threats and anomalies
• Participate in security incident response activities, including triage, investigation, containment, and escalation
• Perform initial analysis and first-level response for security incidents and service/security-related queries
• Conduct log analysis and correlate security events to identify Indicators of Compromise (IOCs) and suspicious activity
• Proactively support threat hunting activities across the environment to identify hidden or emerging threats
• Coordinate with IT infrastructure, application, and network teams to triage alerts and support incident resolution
• Work with external vendors to raise support cases, track progress, and follow up on issue resolution
• Perform regular vulnerability assessments on endpoints and systems, and coordinate remediation efforts with IT support teams
• Assist in maintaining and improving the organization’s overall security posture through continuous monitoring and feedback
• Support audit and compliance requirements by providing evidence, reports, and operational security support as needed
• Review and manage security-related eService tickets on a daily basis to ensure proper logging, categorization, prioritization, and SLA adherence
• Ensure timely assignment, tracking, and closure of security tickets within the eService system in coordination with relevant stakeholders
• Validate completeness and accuracy of eService ticket documentation, including investigation notes, evidence, and resolution details
• Monitor recurring security incidents and eService ticket trends to identify root causes and improvement opportunities
Ensure proper escalation of security tickets that breach SLAs or require higher-level technical or managerial attention
• Monitor the health, availability, and operational status of security tools including SIEM, EDR, Email Security, and log collection platforms, and report any service degradation or failures to relevant support teams
• Validate and enrich Indicators of Compromise (IOCs) against internal logs, SIEM alerts, and external threat intelligence sources to improve detection accuracy
• Perform initial malware triage and assist in collecting relevant forensic artifacts (e.g., file hashes, process details, endpoint logs) to support incident investigation activities
• Assist in testing and validation of newly onboarded log sources, SIEM integrations, and security detection use cases to ensure proper event ingestion and alerting
• Support vulnerability scanning activities and assist in tracking remediation progress and closure status in coordination with IT infrastructure and system owners.
Non-Negotiable:
• Continuous Security Monitoring, Triage & First Response (Core SOC Function)
• Incident Support & Escalation Coordination
• Ticketing, Documentation & Operational Discipline
• Experience with SIEM, EDR, IDS, IPS
• Vulnerability Assessments coordination
Additional Skills
• Strong understanding of SOC operations, incident response, and threat hunting
• Experience with SIEM tools
• Knowledge of log analysis, event correlation, and IOC identification
• Familiarity with endpoint security (EDR/XDR) tools
• Understanding of MITRE ATT&CK framework and common attack techniques
• Basic knowledge of Windows, Linux, and networking concepts (TCP/IP, DNS, HTTP/S)
• Ability to analyze security alerts and distinguish false positives
• Strong analytical and troubleshooting skills
• Good communication and documentation skills
• Ability to coordinate with IT teams and vendors during incidents
• Understanding of vulnerability management and remediation process
Software Powered by ICIMS
www.icims.com