The SOC Analyst will be responsible for protecting IFZA's information systems by identifying, assessing and mitigating security risks. This role involves monitoring, analyzing, and responding to security incidents, implementing security measures, and ensuring compliance with industry standards and regulations. The ideal candidate is proactive, detail-oriented, and possesses strong technical and analytical skills.
Requirements
Key Responsibilities
1. Security Monitoring
• Monitor SIEM dashboards (e.g., Microsoft Sentinel) and security alerts in real time.
• Track and analyze events from security tools (e.g., Microsoft Defender).
• Identify suspicious activities, anomalies, or policy violations.
2. Incident Triage & Response
• Perform initial investigation and classification of alerts (false positive vs. true positive).
• Collect and review logs, event details, reputation information, and indicators of compromise.
• Escalate confirmed or high-severity incidents to L2/L3 analysts with proper documentation.
• Initiate predefined response actions (isolating devices, forcing password resets, blocking IPs).
3. Threat Analysis
• Check IOC hits against threat intelligence sources.
• Analyze phishing emails, malware infections, malicious URLs, attachments, credential-harvesting attempts and unauthorized access.
• Identify trends across alerts to support early-stage threat detection.
4. Documentation & Reporting
• Create detailed incident tickets and investigation notes.
• Conduct root cause analysis and document incident reports with remediation recommendations.
• Maintain proper incident timelines and updates in the ticketing system.
• Generate reports for repeated or trending issues.
5. Collaboration
• Work closely with Security Team and internal IT teams.
• Communicate effectively with users to validate suspicious activities or login attempts.
• Follow established SOPs and contribute to process improvements.
6. Security Awareness and Training
• Conduct security awareness training for employees to promote best practices (e.g., password management, phishing prevention).
• Create and distribute educational materials on emerging cyber threats.
7. Threat Intelligence and Research
• Stay updated on the latest cyber threats, vulnerabilities, and attack vectors.
• Analyze threat intelligence reports and apply findings to enhance organizational security posture.
Required Qualifications
• Bachelor's degree in Engineering, Computer Science, or a related field.
• 5-7 years of experience in SOC operations.
• Minimum 3+ years hands-on experience in SOC, blue team, or security engineering roles.
• Proven expertise with Microsoft Sentinel, Microsoft Defender, incident management and compromise recovery.
Technical Skills
• Solid grasp of TCP/IP, Windows/Linux internals, AWS/Azure security primitives.
• Scripting for automation (Python, Bash, or PowerShell).
• Familiarity with MITRE ATT&CK mapping and threat-hunting methodology.
Certifications (Good to Have)
• CompTIA Security+, Microsoft SC-200, CEH, CCNA or CCNP Security.
Benefits