1 - 3 years

4.0 - 5.0 Lacs P.A.

Pune

Posted: 2 months ago | Platform: Naukri


Skills Required

Ticketing, SOC, Query, Network security, SIEM, Log analysis, Microsoft, Security operations, Security monitoring, Computer networking

Work Mode

Work from Office

Job Type

Full Time

Job Description

We are seeking Level 1 Security Operations Analysts for our Security Operations Center (SOC) at the client end to provide 24x7 security monitoring, detection, and initial incident response. The ideal candidates will have hands-on experience in security operations, specifically with Microsoft Sentinel, and will be responsible for monitoring alerts, performing initial triage, and escalating incidents as needed. This role is part of a 24x7 rotational shift schedule to ensure continuous coverage.

Key Responsibilities:

- Monitor Microsoft Sentinel for security alerts and events on a 24x7 basis.
- Perform initial triage and analysis of security events, including prioritization and escalation based on defined incident response procedures.
- Identify potential security incidents and false positives, and provide recommendations for mitigation or escalation to L2 SOC analysts.
- Leverage KQL queries for investigations.
- Document incidents, investigation results, and actions taken in the ticketing system.
- Follow established SOC processes and playbooks for effective incident response.
- Support continuous improvement by identifying gaps in monitoring and detection.
- Monitor other security tools, such as EDR (CrowdStrike) and AWS Security Alerts, for Level 1 analysis based on the defined playbooks.
- Be flexible in following updated playbooks as the security landscape changes.

Work Schedule:

This is a 24x7 rotational shift position, which includes nights, weekends, and holidays. Candidates must be flexible and willing to work varying shifts to ensure consistent coverage.

Required Qualifications:

- 1-3 years of experience in a Security Operations Center (SOC) or a similar environment.
- Hands-on experience with Microsoft Sentinel for security monitoring and alert triage.
- Basic knowledge of cybersecurity concepts, threat detection, and incident response.
- Knowledge of other security technologies such as EDR, cloud security platforms, network security, etc.
- Familiarity with KQL (Kusto Query Language) for log analysis and alert tuning.
- Strong analytical skills and the ability to work under pressure during security incidents.
- Excellent communication skills, both written and verbal.

Preferred Qualifications:

- Experience with SIEM platforms beyond Microsoft Sentinel (e.g., Splunk, QRadar) is a plus.
- Relevant cybersecurity certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst).

Knowledge, Skills, and Abilities (NICE Framework)

Aligned with the NIST NICE framework for an L1 SOC Analyst role:

Knowledge (K):

- K0001: Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0004: Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information.
- K0058: Knowledge of incident response and handling methodologies.
- K0103: Knowledge of SIEM tools, specifically Microsoft Sentinel.

Skills (S):

- S0001: Skill in monitoring and analyzing logs for suspicious activity.
- S0005: Skill in assessing the validity and priority of security alerts.
- S0138: Skill in identifying false positives and tuning detection rules.
- S0027: Skill in using KQL (Kusto Query Language) to query logs and alerts in Microsoft Sentinel.

Abilities (A):

- A0006: Ability to analyze security events to detect potential threats.
- A0050: Ability to perform initial incident triage and escalate based on impact.
- A0039: Ability to work collaboratively within a SOC team, particularly in a high-pressure, shift-based environment.
- A0062: Ability to document incident details clearly and accurately.

Soft Skills:

- Strong problem-solving abilities and keen attention to detail.
- Ability to work effectively within a team-oriented, fast-paced environment.
- Flexibility to adapt to changing priorities and shifts.

Information Technology & Services
Mumbai
