SOC_Security_Tier1_Analyst

Cloud Raptor is Hiring for MNP SPARK Bengaluru!

Work Location:

MNP is one of Canadas largest full-service chartered professional-services firms providing accounting, tax, consulting, risk-advisory, management consulting, and financial advisory services.
• With offices across all provinces and a workforce of thousands, MNP serves clients in public, private, and not-for-profit sectors across Canada. • MNP emphasizes a culture of balanced lifestyle, competitive compensation and benefits, merit-based career growth, and values that support diversity, inclusion, community, and work-life balance.

Role & responsibilities

• Monitor security alerts in Microsoft Sentinel and Defender XDR portals continuously.
• Perform initial triage and analysis of incoming security alerts using predefined playbooks and Standard Operating Procedures (SOPs).
  • Utilize Kusto Query Language (KQL) queries in Microsoft Sentinel to investigate alerts and gather preliminary event context.
• Analyze alerts from various sources like endpoints (Defender for Endpoint), networks, cloud services (Defender for Cloud Apps), and identities (Defender for Identity, Entra ID logs).
• Execute basic response actions as defined in playbooks, such as isolating hosts using Microsoft Defender for Endpoint or blocking malicious indicators in Sentinel.
• Document investigation steps and findings in the ticketing system.
• Escalate complex incidents to SOC Tier 2 Analysts promptly with clear information.
• Maintain situational awareness of the cyber threat landscape and client security posture.
• Adhere to Service Level Agreement (SLAs) for metrics such as Mean Time to Acknowledge (MTTA) and Mean Time to Respond/Resolve (MTTR) to demonstrate operational maturity.
• Participate in shift handover procedures for seamless operations.
• Provide feedback to refine operational playbooks and procedures.

Preferred candidate profile

• 2-4 years in a SOC or related IT security role.

• Experience with/Knowledge of ITIL processes.

• Experience with security alerts and IT incidents management.

• Fundamental understanding of core cybersecurity principlese, including common threats, vulnerabilities, attack vectors and security controls.

• Familiarity with Security Information and Event Management (SIEM) concepts and systems. Direct experience with AlienVault and Microsoft Sentinel, including alert triage and executing basic KQL queries, is highly preferred

• Exposure to Endpoint Detection and Response (EDR) concepts. Experience navigating and utilizing the Microsoft Defender for Endpoint, SentinelONE, or Sophos is advantageous.

• Basic understanding of common networking protocols and their relevance to security event analysis.

• Demonstrated ability to accurately follow detailed technical documentation, such as playbooks and SOPs.Basic knowledge of the MITRE ATT&CK framework and its application in understanding attacker techniques is beneficial.

• Familiarity with Windows and Linux fundamentals.

• Clear and professional skills for documentation and escalation.

• Ability to work effectively in a fast-paced environment.

• Strong sense of mutual support and collaboration.

• Enthusiasm for learning/developing new cybersecurity skills.

• Proven ability to work effectively as part of a team.

Educational Qualifications :

Certifications :

Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) and CompTIA Security+

Pursuing Microsoft Certified

Security Operations Analyst Associate (SC-200) -

Experience At least 2 Years in a SOC Security Analyst role