5.0 - 10.0 years
6 - 12 Lacs
Chennai
Remote
Job Description: CyberSecOn is looking for a talented and dedicated Cyber Security Analyst who can work remotely. A Cyber Security Analyst is responsible for maintaining the security and integrity of data. The security analyst must possess knowledge of every aspect of information security to protect company assets from evolving threat vectors.
The main responsibilities will include:
- Monitor and investigate security events and alerts from various sources, such as logs, network traffic, threat intelligence, and user reports.
- Conduct proactive and reactive threat hunting campaigns to uncover hidden or emerging threats in the cloud environment.
- Perform root cause analysis and incident response to contain and remediate cloud abuse incidents.
- Document and communicate findings, recommendations, and lessons learned to relevant stakeholders and management.
- Develop and update cloud abuse detection rules, indicators, and signatures.
- Research and stay updated on the latest cloud abuse trends and the tactics, techniques, and procedures (TTPs) of threat actors.
- Provide guidance and training to other security teams and cloud users on best practices and standards for cloud security.
- Manage the cyber security infrastructure and applications of multiple client environments.
- Knowledge of ServiceNow, Zoho Desk, Jira/Confluence, etc.
- Perform vulnerability risk reviews using Qualys, Rapid7 and/or Tenable.
- Manage and improve the defined patch management and configuration review process and activities.
- Proactively manage application, infrastructure security and network risks, ensuring the security infrastructure aligns with the company's compliance requirements.
Skills & Experience:
- 4+ years of experience in a security analyst role, preferably in a SOC environment.
- Security analyst, engineering, and project management experience.
- Experience in client management for security projects.
- Knowledge and hands-on experience with SIEM technologies such as Microsoft Sentinel, Rapid7 InsightIDR, Wazuh, etc. Creating playbooks and automation in Microsoft Sentinel is desirable.
- Strong experience in virtualisation and cloud (Azure, AWS, other service providers) design, configuration, and management.
- Ability to manage priorities, perform multiple tasks and work in a dynamic environment under tight deadlines.
- Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, and commercial and open-source tools.
- Experience performing phishing campaigns and/or similar social engineering exercises.
- Subject matter expert in one or more of Windows, Unix and Linux.
- Vendor or security-specific certifications preferred.
- Demonstrated analytical, conceptual and problem-solving skills.
- Ability to work effectively with limited supervision on multiple concurrent operational activities.
- Ability to communicate effectively via email, reports and procedures in a professional and succinct manner.
Preferred: Candidates who can join immediately or within 15 days.
Posted 5 days ago
5.0 - 8.0 years
5 - 8 Lacs
Delhi, India
On-site
Responsibilities:
- Cyber Security Event Review & Leadership: Review cyber security events analyzed by Level 2 security analysts and act as the team lead, serving as the escalation point for detection, response, and remediation activities.
- Monitoring & Guidance: Monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures.
- Technical Support: Provide expert technical support to various IT teams in response and remediation activities for cyber security events/incidents escalated by L2 analysts and stakeholders.
- Incident Follow-up & Closure: Ensure all cyber security incident tickets are followed up diligently until full closure.
- Analyst Guidance & Mentorship: Provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities.
- Incident Response Expediting: Intervene and expedite cyber incident response and remediation activities in case of delays, coordinating effectively with various teams, including L1 and L2 team members.
- Policy & Best Practice Review: Review and provide suggestions during the preparation of information security policies and best practices for client environments.
- SLA & Communication: Ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders.
- Reporting & Dashboards: Review daily, weekly, and monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture.
- Documentation & Playbooks: Review all security-related documents, update playbooks, and maintain other standard operating procedures to ensure accuracy and relevance.
- System Documentation Validation: Validate client systems and IT infrastructure documentation, ensuring all records are current and accurate.
- Knowledge Sharing & Threat Intelligence: Share knowledge with team members on current security threats, trends in attack patterns, and new security tools.
- Use Case Development & Validation: Review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination.
- Threat Detection Rule Development: Develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities.
- Security Analytics Understanding: Possess a strong ability to understand security analytics and data flows across various SaaS applications and cloud computing tools.
- SIEM Solution Deployment: Be capable of deploying SIEM solutions in customer environments.
Required Skills:
- Core SOC monitoring experience.
- Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
- Strong experience in analyzing malicious traffic and building detections.
- Experience in application security, network security, and systems security.
- Knowledge of MITRE ATT&CK or similar frameworks and adversary procedures.
- Expertise with SIEM solutions (Securonix / Splunk / Sumo Logic / LogRhythm / ArcSight / QRadar).
- Strong communication skills, both written and oral, capable of communicating effectively with internal teams and external stakeholders.
- Experience working with SMB and large enterprise clients.
- Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management.
- Strong expertise in multiple SIEM tools and other devices found in a SOC environment.
- Good knowledge of firewalls, IDS/IPS, AV, EDR, proxy, DNS, email, AD, etc.
- Good understanding of the raw log formats of security devices such as proxies, firewalls, IDS/IPS and DNS.
- Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
- Knowledge of regex and parser creation.
- Ability to mentor and encourage junior teammates.
- Strong work ethic with good time management skills.
- Coachability and dedication to consistent improvement.
Good to Have:
- Master's degree.
- Relevant certifications such as CEH, CISA, CISM.
- Be a key person for developing thought leadership within the SOC.
Posted 2 weeks ago
5.0 - 8.0 years
5 - 8 Lacs
Mumbai, Maharashtra, India
On-site
Responsibilities:
- Cyber Security Event Review & Leadership: Review cyber security events analyzed by Level 2 security analysts and act as the team lead, serving as the escalation point for detection, response, and remediation activities.
- Monitoring & Guidance: Monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures.
- Technical Support: Provide expert technical support to various IT teams in response and remediation activities for cyber security events/incidents escalated by L2 analysts and stakeholders.
- Incident Follow-up & Closure: Ensure all cyber security incident tickets are followed up diligently until full closure.
- Analyst Guidance & Mentorship: Provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities.
- Incident Response Expediting: Intervene and expedite cyber incident response and remediation activities in case of delays, coordinating effectively with various teams, including L1 and L2 team members.
- Policy & Best Practice Review: Review and provide suggestions during the preparation of information security policies and best practices for client environments.
- SLA & Communication: Ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders.
- Reporting & Dashboards: Review daily, weekly, and monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture.
- Documentation & Playbooks: Review all security-related documents, update playbooks, and maintain other standard operating procedures to ensure accuracy and relevance.
- System Documentation Validation: Validate client systems and IT infrastructure documentation, ensuring all records are current and accurate.
- Knowledge Sharing & Threat Intelligence: Share knowledge with team members on current security threats, trends in attack patterns, and new security tools.
- Use Case Development & Validation: Review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination.
- Threat Detection Rule Development: Develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities.
- Security Analytics Understanding: Possess a strong ability to understand security analytics and data flows across various SaaS applications and cloud computing tools.
- SIEM Solution Deployment: Be capable of deploying SIEM solutions in customer environments.
Required Skills:
- Core SOC monitoring experience.
- Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
- Strong experience in analyzing malicious traffic and building detections.
- Experience in application security, network security, and systems security.
- Knowledge of MITRE ATT&CK or similar frameworks and adversary procedures.
- Expertise with SIEM solutions (Securonix / Splunk / Sumo Logic / LogRhythm / ArcSight / QRadar).
- Strong communication skills, both written and oral, capable of communicating effectively with internal teams and external stakeholders.
- Experience working with SMB and large enterprise clients.
- Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management.
- Strong expertise in multiple SIEM tools and other devices found in a SOC environment.
- Good knowledge of firewalls, IDS/IPS, AV, EDR, proxy, DNS, email, AD, etc.
- Good understanding of the raw log formats of security devices such as proxies, firewalls, IDS/IPS and DNS.
- Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
- Knowledge of regex and parser creation.
- Ability to mentor and encourage junior teammates.
- Strong work ethic with good time management skills.
- Coachability and dedication to consistent improvement.
Good to Have:
- Master's degree.
- Relevant certifications such as CEH, CISA, CISM.
- Be a key person for developing thought leadership within the SOC.
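The Delhi and Mumbai listings above both ask for regex and parser creation, familiarity with raw firewall and proxy log formats, and use cases validated "through selective testing and logic examination". The following Python is an added illustration of that workflow written for this page; it is not code from either posting or from any employer named here. It parses a constructed firewall deny log with a regular expression, implements one SIEM-style use case (a port-scan rule: one source denied on several distinct destination ports inside a short window), and keeps a count of unparsed lines. The log format, field names, hostnames and addresses are all assumptions made up for the example.

```python
"""Regex parser for a constructed firewall log plus one detection use case.
Example code for this page, not from any listing or vendor; the key=value
format, field names, hosts and addresses are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a fast scan from 203.0.113.7, a slow two-probe
# scan from 198.51.100.3, one allowed flow, and one garbage line.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=tcp
2024-05-01T10:00:02Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=23 proto=tcp
2024-05-01T10:00:03Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=80 proto=tcp
2024-05-01T10:00:04Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=443 proto=tcp
2024-05-01T10:00:05Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=3389 proto=tcp
2024-05-01T10:00:06Z fw01 action=allow src=10.0.0.9 dst=10.0.0.5 dpt=443 proto=tcp
2024-05-01T10:00:07Z fw01 action=deny src=198.51.100.3 dst=10.0.0.5 dpt=22 proto=tcp
2024-05-01T10:30:00Z fw01 action=deny src=198.51.100.3 dst=10.0.0.5 dpt=23 proto=tcp
this line is garbage and must not crash the parser
"""

# Anchored at both ends so a partially matching line is rejected, not half-parsed.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+action=(?P<action>\w+)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dpt=(?P<dpt>\d+)\s+proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict of typed fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dpt"] = int(ev["dpt"])
    return ev


def parse_logs(text):
    """Parse every non-empty line; count (rather than drop silently) the failures."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def detect_port_scan(events, min_ports=5, window=timedelta(minutes=1)):
    """Use case: a source denied on >= min_ports distinct destination ports
    within a sliding time window. Returns a list of (src, sorted_ports)."""
    denied = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "deny":
            denied[ev["src"]].append(ev)
    alerts = []
    for src, evs in denied.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward
            ports = {e["dpt"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append((src, sorted(ports)))
                break  # one alert per source per run is enough for the queue
    return alerts


def run(text=SAMPLE_LOGS):
    events, unparsed = parse_logs(text)
    return {"events": len(events), "unparsed": unparsed,
            "alerts": detect_port_scan(events)}


if __name__ == "__main__":
    print(run())
```

The slow scanner (198.51.100.3, two probes thirty minutes apart) is in the sample on purpose: it shows the rule's blind spot, a scan that stays under the one-minute window, which is exactly the kind of gap the logic-examination step is meant to surface before a use case goes live. The unparsed-line counter is the other check worth keeping in production: a sudden rise in it usually means the device's log format changed after a firmware update, not that attacks stopped.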
Posted 2 weeks ago
2.0 - 6.0 years
2 - 6 Lacs
Mumbai, Maharashtra, India
On-site
Responsibilities:
- SOC Monitoring: Provide core Security Operations Center (SOC) monitoring services for client environments, ensuring continuous vigilance against security threats.
- Tool Proficiency: Utilize and operate various SOC tools, including FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella, for effective threat detection and response.
- L1 Support: Provide initial (L1) support for security incidents within client environments, triaging alerts and performing preliminary investigations.
- Incident Response Assistance: Assist in the initial phases of incident response, following established protocols to contain and escalate security incidents.
- Alert Analysis: Analyze security alerts and logs from various sources, distinguishing between false positives and genuine threats.
- Documentation: Maintain accurate records of security incidents, investigations, and resolutions.
- Communication: Effectively communicate security findings, incidents, and recommendations through good verbal and written communication skills.
- Shift Work: Be open and flexible to work in shifts as per operational requirements.
Required Skills:
- Proficiency in FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
- Core SOC monitoring experience.
- Good verbal and written communication skills.
- Openness to work in shifts and flexibility in work approach.
Posted 2 weeks ago
3.0 - 4.0 years
4 - 5 Lacs
Bengaluru
Work from Office
Min. 2.5 years of experience in a Security Operations Center. Experience in monitoring and alert handling in QRadar SIEM. Security incident handling and reporting. Experienced in EDR alert analysis, preferably SentinelOne. Should be flexible to work in 24/7 rotational shifts. Should possess good communication skills. Mandatory skills: QRadar SIEM (latest version). Immediate joiners would be preferred.
Posted 1 month ago
6.0 - 10.0 years
15 - 25 Lacs
Hyderabad
Work from Office
Job Summary: The SOC Monitoring and Incident Response Specialist is responsible for monitoring security events, identifying potential threats, investigating incidents, and initiating incident response actions. This role requires extensive experience in cybersecurity, threat intelligence, and incident response processes to support our security operations and safeguard our organization's IT environment.
Key Responsibilities:
Security Monitoring & Analysis
- Monitor and analyze security alerts from various sources (SIEM, IDS/IPS, firewalls, endpoint protection, etc.).
- Identify suspicious activity and investigate to understand the threat level and scope.
- Perform triage of alerts to assess whether they represent legitimate threats or false positives.
- Act as the first responder to security incidents, containing and mitigating threats.
- Document and track incidents, performing root-cause analysis to prevent recurrence.
- Coordinate incident response efforts, collaborating with internal teams and external partners if needed.
- Utilize threat intelligence to stay updated on emerging threats and attack vectors.
- Correlate threat intelligence data with real-time monitoring to detect indicators of compromise (IOCs).
- Proactively hunt for threats and vulnerabilities within the organization's network.
- Conduct forensic investigations of compromised endpoints, servers, and networks to determine the nature and extent of attacks.
- Collect, preserve, and analyze evidence for potential use in legal or disciplinary actions.
- Provide detailed reports on findings and recommendations for improvements in security posture.
Process Improvement & Documentation
- Contribute to the development and improvement of SOC processes, playbooks, and runbooks.
- Document security incidents and response activities in detail, ensuring accurate record-keeping.
- Provide post-incident reports, insights, and recommendations to improve defenses and incident handling procedures.
- Work with IT and cybersecurity teams to improve overall network and endpoint security.
- Communicate with stakeholders, translating technical findings into business impacts.
- Participate in cross-functional meetings and contribute to the overall risk management strategy.
- Mentor junior SOC analysts and assist in their professional development.
- Conduct training sessions and awareness programs to improve cybersecurity knowledge within the organization.
Requirements:
Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
Experience: 6-8 years of experience in a SOC, incident response, or similar cybersecurity role.
Certifications: Preferred certifications include CISSP, CISM, GIAC (GCIA, GCIH), or CEH.
Technical Skills:
- Proficiency with SIEM tools (e.g., Splunk, QRadar, ArcSight, LogRhythm), IDS/IPS systems, firewalls, and EDR and WAF solutions.
- Familiarity with common operating systems (Windows, Linux) and networking protocols (TCP/IP, DNS, HTTP, etc.).
- Strong understanding of cyber threats, vulnerabilities, malware, and attack methods.
- Experience with scripting languages (Python, PowerShell) is an asset.
- Knowledge of forensic tools and processes for data recovery and analysis.
Soft Skills:
- Strong analytical and problem-solving abilities.
- Ability to work effectively under pressure and manage multiple tasks.
- Excellent communication and interpersonal skills, with the ability to explain technical issues to non-technical audiences.
- Team-oriented with a proactive and collaborative attitude.
Posted 1 month ago
4.0 - 6.0 years
4 - 6 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
- Analyse and update critical and non-critical log sources and their health status; check for redundant log sources and take the necessary steps with the right stakeholders.
- Daily health check and monitoring of SOC infrastructure.
- Correlation and framework management for SOC use cases.
- Responsible for analytics and data analysis, and for presenting the outcome to leadership to inform the next decisions.
- KPI definition, revision and improvement for SOC infrastructure, health and use cases.
- Bachelor's/Master's degree in Engineering/Technology or a related field.
- Minimum 4-6 years of relevant IT experience.
- Industry-standard certifications such as CISSP, CEH, GIAC, CISM, ISO 27002 etc. will be an added advantage.
- Experience with various IT/security technologies including Active Directory, DNS, messaging, firewalls/VPN gateways, IPS, proxy, WAF, PKI, IAM, etc.
- Good understanding of tools like CyberArk, Ping Identity, SailPoint, Qualys, Veracode.
- Proficient hands-on experience with, and understanding of, various security tools and technologies.
- Experience in an operational role working directly with internal and external customers, trouble ticketing systems, and incident management.
- Solid understanding of the ITIL process framework.
- Must understand and have worked in an operational environment such as a NOC or SOC for 2-4 years.
- Demonstrated leadership experience in Security Operations.
- Proven planning, prioritization, and organizational skills.
- Demonstrated drive for continuous learning, results orientation, and teamwork.
- Ability to drive change through innovation and process improvement.
- Ability to manage projects and drive action items with customers and cross-functional peers.
- Proven crisis management skills.
- Professional and concise communication (written and verbal).
- Ability and flexibility to adapt to change, including shifting and competing priorities.
- Demonstrated ability to be a big-picture thinker, strategist, and long-term planner.
- Strong analytical skills with demonstrated problem-solving ability.
- Project management skills with a proven ability to design workable solutions will be an added advantage.
- Exposure to ISO 27002 and ISO 27005.
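The log-source health check, redundant-source review and KPI work in this listing are routinely scripted in a SOC. The following Python is an added example written for this page, not code from the listing or its employer. It evaluates each source against its own silence tolerance, groups sources by the feed they carry to surface redundant collectors, and reports one KPI (the share of critical sources currently reporting). The inventory, tolerances, feed identifiers and timestamps are all constructed for the example.

```python
"""Constructed SOC log-source health check: silent sources, redundant feeds
and a critical-coverage KPI. Example code for this page, not from any listing
or vendor; every source, tolerance and timestamp below is made up."""
from datetime import datetime, timedelta

# Constructed inventory. "feed" names the data a source actually carries, so
# two entries with the same feed are redundant copies of the same log stream.
LOG_SOURCES = [
    {"name": "fw-edge-01", "feed": "fw-edge-01/syslog", "critical": True,
     "max_silence": timedelta(minutes=5), "last_event": "2024-05-01T09:58:00"},
    {"name": "dc-01-winevent", "feed": "dc-01/security", "critical": True,
     "max_silence": timedelta(minutes=15), "last_event": "2024-05-01T08:10:00"},
    {"name": "proxy-01", "feed": "proxy-01/access", "critical": True,
     "max_silence": timedelta(minutes=10), "last_event": "2024-05-01T09:55:00"},
    {"name": "proxy-01-legacy-collector", "feed": "proxy-01/access", "critical": False,
     "max_silence": timedelta(hours=1), "last_event": "2024-05-01T09:50:00"},
    {"name": "hr-app-audit", "feed": "hr-app/audit", "critical": False,
     "max_silence": timedelta(hours=24), "last_event": "2024-04-29T09:00:00"},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def check_health(sources, now):
    """Map source name -> 'ok' or 'silent' (silence longer than its tolerance)."""
    status = {}
    for s in sources:
        silence = now - _ts(s["last_event"])
        status[s["name"]] = "silent" if silence > s["max_silence"] else "ok"
    return status


def find_redundant(sources):
    """Feeds carried by more than one source, with the source names involved."""
    by_feed = {}
    for s in sources:
        by_feed.setdefault(s["feed"], []).append(s["name"])
    return {feed: names for feed, names in by_feed.items() if len(names) > 1}


def critical_coverage_kpi(sources, status):
    """KPI: percentage of critical sources reporting within tolerance."""
    critical = [s for s in sources if s["critical"]]
    if not critical:
        return 100.0  # nothing critical defined: avoid a divide-by-zero
    ok = sum(1 for s in critical if status[s["name"]] == "ok")
    return round(100.0 * ok / len(critical), 1)


def daily_report(sources, now):
    """The summary a daily health check would hand to the shift lead."""
    status = check_health(sources, now)
    is_critical = {s["name"]: s["critical"] for s in sources}
    silent_critical = sorted(n for n, st in status.items()
                             if st == "silent" and is_critical[n])
    return {
        "status": status,
        "silent_critical": silent_critical,
        "redundant": find_redundant(sources),
        "critical_coverage_pct": critical_coverage_kpi(sources, status),
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(daily_report(LOG_SOURCES, _ts("2024-05-01T10:00:00")))
```

Each source's tolerance should reflect its normal chattiness: a perimeter firewall that goes quiet for five minutes is a collector problem, while an application audit log that is only written during business hours can legitimately stay silent much longer. The KPI is deliberately restricted to critical sources so that a long tail of low-value feeds cannot mask a silent domain controller in a single headline percentage.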
Posted 1 month ago
0.0 - 2.0 years
3 - 4 Lacs
Kochi
Work from Office
As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks.
Key Responsibilities:
- Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms
- Triage basic security events and validate incidents using established playbooks
- Escalate potential threats to L2 analysts based on severity and context
- Review and respond to AV/EDR alerts and execute predefined security queries
- Log incidents, document actions, and maintain the ticketing system with accurate updates
- Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes)
- Support incident response efforts for phishing, malware, brute-force attacks, etc.
- Collaborate with team members and shift leads to ensure 24x7 monitoring coverage
Tool Experience (Preferred):
- SIEM Tools: Basic use of QRadar and Microsoft Sentinel
- EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles
- NDR: LinkShadow or Darktrace (basic familiarity)
- Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional)
Certifications (Preferred):
- CompTIA Security+
- Microsoft SC-900
Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts, including nights, weekends, and holidays.
Required Skills:
- Understanding of basic cybersecurity concepts
- Familiarity with security alert triage and incident logging
- Basic knowledge of Indicators of Compromise (IOCs)
- Fast learner with strong attention to detail
- Effective communicator and team player
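The enrichment and escalation steps in this L1 listing, and the IOC correlation the Hyderabad specialist listing above describes, come down to the same routine: match alert fields against a threat-intelligence list, then apply the playbook. The following Python is an added example written for this page, not code from any of the postings or employers named. It matches IPs against CIDR ranges, domains against parent domains, and file hashes case-insensitively, and it tolerates a malformed IP rather than dropping the alert. The indicator list, alerts, playbook thresholds and field names are all constructed.

```python
"""Constructed L1 triage helper: IOC enrichment plus a simple escalation
playbook. Example code for this page, not from any listing or vendor; the
indicators, alerts, thresholds and field names are assumptions."""
import ipaddress

# Constructed threat intel. Networks are parsed once; hashes are stored lowercase.
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.17/32")]
IOC_DOMAINS = {"bad-example.test", "phish.example.test"}
IOC_HASHES = {"0123456789abcdef" * 4}  # placeholder SHA-256, not a real sample


def ip_hit(ip):
    """Return the matching IOC network as a string, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed or missing field: never let bad data crash triage
    for net in IOC_NETWORKS:
        if addr in net:
            return str(net)
    return None


def domain_hit(domain):
    """Match the domain itself or any parent domain present in the IOC list."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def hash_hit(h):
    return h.lower() if h and h.lower() in IOC_HASHES else None


def enrich(alert):
    """Return a copy of the alert with an 'iocs' list of (type, indicator) matches."""
    out = dict(alert)
    hits = []
    for field in ("src_ip", "dst_ip"):
        net = ip_hit(alert.get(field, ""))
        if net:
            hits.append(("ip", net))
    if alert.get("domain"):
        d = domain_hit(alert["domain"])
        if d:
            hits.append(("domain", d))
    if alert.get("sha256"):
        h = hash_hit(alert["sha256"])
        if h:
            hits.append(("hash", h))
    out["iocs"] = hits
    return out


def triage(alert, brute_force_threshold=20):
    """Constructed playbook: any IOC match, or an auth-failure burst at or above
    the threshold, is escalated to L2; everything else is closed as benign."""
    enriched = enrich(alert)
    reasons = []
    if enriched["iocs"]:
        reasons.append("ioc match")
    if enriched.get("type") == "auth_failure" and enriched.get("count", 0) >= brute_force_threshold:
        reasons.append("brute force threshold")
    enriched["action"] = "escalate_l2" if reasons else "close_benign"
    enriched["reasons"] = reasons
    return enriched


# Constructed alerts, shaped like a normalised SIEM/EDR queue.
SAMPLE_ALERTS = [
    {"id": 1, "type": "dns", "src_ip": "10.0.0.4", "domain": "cdn.phish.example.test"},
    {"id": 2, "type": "auth_failure", "src_ip": "10.0.0.8", "count": 45},
    {"id": 3, "type": "edr", "src_ip": "10.0.0.12", "sha256": ("0123456789ABCDEF" * 4)},
    {"id": 4, "type": "auth_failure", "src_ip": "10.0.0.8", "count": 3},
    {"id": 5, "type": "net", "src_ip": "10.0.0.20", "dst_ip": "203.0.113.55"},
    {"id": 6, "type": "net", "src_ip": "not-an-ip", "dst_ip": "192.0.2.9"},
]


def triage_queue(alerts):
    """Map alert id -> playbook action for a whole queue."""
    return {a["id"]: triage(a)["action"] for a in alerts}


if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        t = triage(a)
        print(a["id"], t["action"], t["reasons"], t["iocs"])
```

Two details matter in practice: the domain check walks up to the parent so that a freshly minted subdomain of a known phishing domain still matches, and the malformed-IP branch returns no match instead of raising, because an alert that crashes the triage script is an alert nobody looks at.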
Posted 1 month ago