Area(s) of responsibility
- Continuously monitor SIEM, EDR, IDS/IPS, firewalls, and log sources for suspicious activity.
- Perform initial triage and classification of alerts based on severity, scope, and impact.
- Escalate validated incidents to L2 SOC analysts in line with SOC playbooks and escalation matrix.
- Verify log ingestion and forwarding from SIEM, EDR, IDS/IPS, and other security platforms.
- Identify tool or data gaps and escalate to L2 SOC or security engineering teams.
- Maintain accurate and detailed incident records, triage notes, and escalation details.
- Document recurring false positives and suggest playbook improvements.
- Create and update tickets in the SOC case management system.
- Serve as the first point of contact for customer-reported security incidents.
- Perform preliminary analysis of suspicious emails, URLs, and attachments.
- Follow MSSP and customer-specific SLA-driven escalation workflows.
- Review vulnerability scan reports and escalate high-severity findings to L2/security engineers.
- Experience in Vulnerability management
- Assist in preparing daily/weekly SOC dashboards, reports, and metrics for management and customers.