Specialists - L1 SOC Analyst

Line of Service

Industry/Sector

Specialism

Management Level

Job Description & Summary

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a L1 SOC Analyst, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Alert Triage & Investigation
  ● Monitor for newly triggered alerts. Also look for alerts not yet marked as Open or Closed
  ● Collect more information to support the theory of the alerts under assessment
  ● Correlate alerts with other security devices
  ● Investigate the impact of the alerts
• Ensure that shift handovers are conducted clearly and concisely which includes:
  ● Participating in shift handover process
  ● Conducting shift handover
  ● Preparing shift handover report
  ● Communicating shift handover information to next shift personnel
• Monitor and investigate if the logs from the stopped flowing to SIEM. Reach out to the Server owner. Generate a list and work on the list. Report the ones resolved, and the method used.
  ● Linux - Syslogs - get in touch with server owner
  ● Windows - check for permission, user status (disabled/activate), password expiry (local user). User ID for
  windows collections is Irsvrcollector.
• Attend to Jira tickets sent to the client. Response to inquiry or forward the ticket to the respective group/team.
• Detect and report ticket with log parser issue to Infra/SIEM Engineer
• Detect and report ticket with False Alarm to Infra/SIEM Engineer
• Authorised to review and analyse alerts generated by security tools and systems.
• Empowered to escalate potential security incidents to higher-level analysts (L2 or L3) based on predefined criteria.

Key Requirements

• Degree or diploma in Computer Science, Information Security, or related field
• 0-1 year of experience in the area of Cybersecurity, SOC or Surveillance
• Certifications (optional but beneficial)
• Offensive mindset is a plus
• Willing to uplift threat hunting skill as part of career development
• Basic understanding of networking concepts (e.g. TCP/IP, DNS, HTTP, etc.)
• Familiarity with operating systems (e.g. Windows, Linux)
• Knowledge of security and operational tools such as:
  • SIEM platforms (e.g. Wazuh, Splunk)
  • EDR/XDR (e.g. MDE, Cortex, CrowdStrike, Sophos)
  • Firewalls and IDS/IPS systems
  • Familiarity with ticketing and workflow tools (e.g. Jira) is a plus
• Strong communication skills (English is a must, Cantonese is a plus) – ability to document incidents and escalate appropriately
• Attention to detail – crucial for identifying anomalies in logs and alerts
• Team collaboration – working with other SOC tiers and cybersecurity teams
• Willingness to work in shifts – SOC often operate 24/7

Education (if blank, degree and/or field of study not specified)

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date