Security Operations Center (SOC) Operator

Position Overview

SOC Operator

Key Responsibilities

Security Monitoring & Analysis

• Monitor

  SIEM dashboards, EDR s, and security telemetry

  for suspicious activity across endpoints, networks, and cloud environments.


• Perform

  initial triage, classification, and escalation

  of security s based on severity and impact.


• Correlate events from multiple sources to identify potential attack patterns and lateral movement.

Incident Response & End-User Support

• Provide

  first-line and second-line support

  for security incidents, including

  phishing, malware infections, and account compromises

  .


• Guide end-users through

  containment and remediation steps

  for security-related issues.


• Document incident details, actions taken, and lessons learned in the incident management system.

Security Investigation & Threat Hunting

• Conduct

  in-depth investigations

  of security incidents, including log analysis, forensic review, and root cause determination.


• Participate in

  threat hunting activities

  to proactively identify indicators of compromise (IOCs) and advanced threats.


• Collaborate with

  threat intelligence teams

  to enrich investigations with contextual data.

Red/Blue/Purple Teaming Support

• Assist in

  Blue Team defensive operations

  by validating detection rules and improving fidelity.


• Support

  Purple Team exercises

  by working with Red Team to simulate attacks and validate detection/response capabilities.


• Provide feedback to improve

  SOC playbooks and detection engineering

  .

Incident Management & Reporting

• Follow

  incident response playbooks

  and escalate incidents to senior analysts or IR teams as needed.


• Generate

  daily, weekly, and monthly SOC reports

  on incident trends, response metrics, and threat landscape.


• Ensure compliance with

  industry standards

  (ISO 27001, NIST CSF) and internal security policies.

Required Qualifications

Experience

• 2 4 years

  in a

  SOC, incident response, or security operations role

  .


• Hands-on experience with

  SIEM platforms (Splunk, Microsoft Sentinel)

  ,

  EDR tools (CrowdStrike, Defender for Endpoint)

  , and

  network security monitoring

  .

Technical Skills

• Knowledge of

  attack techniques (MITRE ATT&CK)

  and common threat vectors.


• Familiarity with

  log analysis, packet capture tools, and forensic techniques

  .


• Basic scripting skills (PowerShell, Python) for automation and investigation tasks.

Certifications (Preferred)

• CompTIA Security+

  ,

  CySA+

  ,

  GCIA

  , or

  GCIH

  .


• Exposure to

  Red/Blue/Purple Teaming methodologies

  is a plus.

Preferred Attributes

• Strong

  analytical and problem-solving skills

  .


• Ability to work in a

  fast-paced, 24x7 SOC environment

  .


• Excellent

  communication and documentation skills

  .