SOC Analyst

IBM • BUDAPEST, HU

Company

IBM

Location

BUDAPEST, HU

Type

Full Time

Job Description

Introduction

SIEM & Incident Management (Splunk)
  • Independently analyse SIEM alerts in Splunk, correlate across multiple data sources, and enrich with threat intelligence feeds.

  • Conduct root-cause analysis and propose improvements to detection logic.

  • Collaborate with engineering teams to enhance Splunk detection rules and SOPs.

  • Validate escalations and ensure incident creation in the ticketing platform (e.g. ServiceNow) is accurate.

  • Analyse complex e-mail or hotline cases that fall outside SOPs.

  • Escalate major incidents to CDC.

NextGen Endpoint Protection (CrowdStrike) incidents
  • Perform in-depth triage and investigation of CrowdStrike Falcon incidents.

  • Correlate alerts with endpoint telemetry, Splunk logs, and threat intelligence.

  • Take pre-approved remediation actions via automated workflows.

  • Conduct root-cause analysis on recurring incidents.

  • Recommend whitelist/blacklist updates to reduce false positives.

Email Malware Prevention
  • Analyse suspicious emails including attachment and URL behavioural analysis.

  • Initiate mitigation measures (IoC blocking, proxy actions, sandbox validation).

  • Classify severity and escalate critical events to CDC.

  • Produce intelligence reports on emerging email-borne threats.

Mentorship & Coordination

  • Support continuous improvement of workflows and operational procedures.

Your role and responsibilities

The SOC Analyst is responsible for deep-dive investigation, advanced analysis, and resolution of security incidents escalated from automated systems. L1 analysts provide contextual threat analysis, enrichment, and remediation while working closely with CDC and engineering teams. They ensure incidents are accurately classified, mitigated, and documented.

Required education
Bachelor's Degree
Preferred education
Master's Degree
Required technical and professional expertise
  • Solid understanding of the cyber kill chain, MITRE ATT&CK, and incident response.
  • Proficiency with SIEM (Splunk), EDR (CrowdStrike), and SOAR automation workflows.
  • Hands-on experience with e-mail security, sandboxing, and phishing analysis.
  • Knowledge of malware behaviour, threat intelligence sources, and IOC enrichment.
  • Strong analytical and investigative skills with the ability to handle complex cases.
Preferred technical and professional experience
  • Bachelor's degree in Computer Engineering, IT, Cybersecurity, or a related field.
  • Security certifications (e.g. Splunk Certified Cybersecurity Defense Analyst, CySA+, GIAC GCIH, or similar).
  • 1–4 years of SOC analyst or incident response experience.

Date Posted

12/04/2025
