بسم الله الرحمن الرحيم
التحليل الوظيفى
TOR
SOC Analyst (Level 1) Job analysis
Job Overview:
A Level 1 SOC Analyst is the first line of defense in the Security Operations Center, responsible for monitoring and analyzing alerts, identifying potential threats, and escalating incidents for further investigation.
Key Responsibilities:
Monitoring and Detection:
- Continuously monitor alerts generated by SIEM and security tools.
- Identify unusual or suspicious activity in logs and alerts.
Escalation and Documentation:
- Perform initial triage and escalate confirmed incidents to Level 2 analysts.
- Maintain accurate records of alerts and responses.
Daily Tasks:
- Review alerts for potential threats or anomalies.
- Conduct basic analysis to identify false positives.
- Document incident details and submit escalation reports.
Skills:
1. Computer Skills:
- SIEM platforms: Splunk, QRadar, LogRhythm.
- Basic log analysis and use of antivirus tools.
2. Language Skills:
- Clear and concise documentation for escalation purposes.
- Communication with IT teams for follow-up actions.
3. Job Technical (Functional) Skills:
- Basic incident triage and prioritization.
- Understanding of common attack vectors and mitigation techniques.
4. Interpersonal Skills:
- Attention to Detail: Ensuring accurate incident reporting.
- Team Collaboration: Working with other SOC levels to resolve incidents.
- Curiosity: A desire to learn and grow in cybersecurity.
Job Specifications:
- Education: Bachelor’s degree in Cybersecurity, IT, or related field.
- Experience: 1–2 years in IT support or security operations.
- Certifications: CompTIA CySA+, CEH (preferred).
Performance Metrics:
- Number of accurate escalations.
- Quality of documentation and incident reporting.
- Reduction in false positives flagged.