Cyber Security Analyst (SOC + VM) L1

2 - 4 years

6 - 8 Lacs

Posted: 6 days ago | Platform: Naukri

Work Mode

Hybrid

Job Type

Full Time

Job Description

Main Skills - SOC + VM

JD Associate L1 Squad

Squad (TDR, IAM, VM, SecOps) Associate Operations Associate L1

The Cybersecurity L1 Analyst is the first line of defense in cybersecurity operations, responsible for initial monitoring, triage, basic troubleshooting, and escalating issues appropriately across security domains—including Threat Detection & Response (TDR), Identity & Access Management (IAM), Vulnerability Management (VM), and Security Operations (SecOps). This role ensures timely detection of anomalies, execution of standard operating procedures (SOPs), and support of day-to-day operational activities under the guidance of L2 and L3 teams.

The L1 Cybersecurity Analyst provides foundational operational support across security towers, executing monitoring, triage, documentation, and routine system maintenance. This role is essential for ensuring timely detection of threats, accurate escalation, and reliable functioning of cybersecurity tools and processes in a 24/7 environment.

  • Share and collaborate effectively with others, creating a positive team spirit.
  • Identify and make suggestions for improvements when problems and/or opportunities arise.
  • Validate data and analysis for accuracy and relevance.
  • Follow risk management and compliance procedures.
  • Communicate confidently in a clear, concise, and articulate manner - verbally and in written form.
  • Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients.
  • Uphold the firm's code of ethics and business conduct.

Required Skills & Qualifications

  • 1-3 years of experience in cybersecurity or IT operations (freshers with certification/training also considered).
  • Basic understanding of SIEM, EDR, IAM, VM, or ITSM tools.
  • Working knowledge of operating systems, networks, and cybersecurity fundamentals.
  • Strong communication, analytical thinking, and problem-solving skills.
  • Ability to follow documented procedures accurately and consistently.

Preferred Skills

  • Exposure to cloud platforms (Azure, AWS) or scripting (Python, PowerShell).
  • Understanding of MITRE ATT&CK, vulnerability scoring, threat intelligence.
  • Security certifications such as Security+, CEH, AZ-900, ITIL.

Key Responsibilities:

1. Security Monitoring & Initial Incident Triage

  • Continuously monitor SIEM dashboards, EDR alerts, and security tools for potential security events.
  • Perform initial validation, enrichment, and triage of alerts to determine severity and legitimacy.
  • Escalate suspicious or confirmed incidents promptly to L2 or client teams per SOP.
  • Execute containment actions only if pre-approved and documented.

2. Vulnerability Management Support

  • Run or monitor daily scan health, including scan failures, credential issues, and discovery schedule gaps.
  • Review and update tagging, asset identification, and scanner hygiene activities.
  • Validate obvious false positives or reassign support tickets as necessary.
  • Monitor remediation ticket creation/routing in the ITSM system.

3. IAM Operational Activities

  • Execute manual provisioning tasks for enterprise applications (AD, SAP, JDE, Oracle) under supervision.
  • Support certificate lifecycle operations by identifying upcoming expirations.
  • Assist with SOP-driven IAM workflows across PAM, IGA, and Access Management.

4. Routine Application & System Maintenance

  • Perform daily operational checks for security tools across TDR, IAM, VM, and SecOps.
  • Verify backups, job completions, ingestion status, and platform service availability.
  • Perform basic break-fix troubleshooting following SOP guidelines.
  • Complete user administration tasks (creation, updates, revocation) based on access policies.

5. Ticket Management & Queue Monitoring

  • Track open tickets, triage inbound requests, and ensure correct routing to relevant queues.
  • Validate incomplete or misrouted tickets before escalating.
  • Update tickets accurately with findings, timestamps, and actions taken.

6. Documentation & Knowledge Capture

  • Document daily activities, triage steps, case notes, and lessons learned.
  • Maintain logs of troubleshooting activities to support audit and RCA work.
  • Assist in updating SOPs, runbooks, quick reference guides, and knowledge articles.

7. Ad-Hoc Support Tasks

  • Execute ad-hoc search queries in SIEM or security tools as requested by L2/L3.
  • Support onboarding, cross-training, and knowledge transfer sessions.
  • Provide assistance during service disruptions or high-severity incidents.

8. Shift Support & Operational Discipline

  • Operate within a 24x7 or follow-the-sun model, ensuring timely handovers.
  • Maintain shift logs, follow escalation paths, and adhere strictly to SLAs.
  • Support L2/L3 teams during P1/P2 incidents with data collection and communication.

9. Communication & Collaboration

  • Communicate clearly and promptly with internal teams, documenting all interactions.
  • Coordinate with IT, infrastructure, IAM, VM, and other cybersecurity teams as needed.

10. Continuous Learning & Skill Development

  • Actively pursue learning pathways to advance toward L2 responsibilities.
  • Stay informed about basic cybersecurity threats, tools, and industry trends.

PwC Service Delivery Center

IT Services and IT Consulting

New York NY
