SECURITY ANALYST L1

Job Description

Key Responsibilities of the Position 1. Monitor security alerts and events from various security tools (SIEM, IDS/IPS, EDR, etc.). 2. Analyze network and host activity for anomalies and potential threats. 3. Identify and categorize security incidents based on severity and impact. 4. Investigate and escalate security incidents as per defined processes. 5. Perform event correlation to detect security threats. 6. Support initial containment and mitigation actions under. 7. Identify vulnerabilities in systems and networks. 8. Recognize misuse activities and exploited system weaknesses. 9. Collect and analyze logs from firewalls, antivirus, IDS/IPS, and other security tools. 10.Perform network traffic and packet-level analysis to detect malicious activities. 11.Identify trends and patterns in security events. 12.Analyze suspicious files and behavior for potential malware threats. 13.Utilize threat intelligence sources to understand emerging threats. 14.Maintain detailed incident reports and case documentation. 15.Provide input for incident root cause analysis. 16.Assist in creating and improving SOC playbooks and workflows. 17.Work closely with senior analysts for advanced investigations. 18.Support security awareness initiatives by sharing insights with internal teams. 19.Stay updated on the latest security threats, vulnerabilities, and attack techniques. Key Skills Required 1. Skill in detecting host- and network-based intrusions. 2. Skill in recognizing vulnerabilities and exploited weaknesses. 3. Skill in monitoring system activity for anomalies. 4. Skill in performing log file analysis and event correlation. 5. Skill in performing network data flow and traffic analysis. 6. Skill in performing system activity and packet-level analysis. 7. Skill in handling security incidents. 8. Skill in evaluating data source quality for investigations. 9. Skill in utilizing cyber defense service provider information. 10. Skill in identifying misuse activities and categorizing vulnerabilities. 11. Skill in performing trend analysis on attack patterns. 12. Hands-on experience with SIEM, EDR, IDS/IPS, and other security monitoring tools. 13. Basic knowledge of network protocols, firewalls, and endpoint security solutions. 14. Familiarity with scripting (Python, PowerShell) for automation is a plus.