We’re looking for a Tier 1 SOC Analyst to join our team and handle initial triage, monitoring, and investigation of security alerts across cloud and endpoint environments.
This is a client-facing role requiring strong English, excellent verbal communication skills, and the ability to clearly communicate findings and escalations. The position is intended for candidates with at least 1 year of hands-on SOC / Security Operations experience.
The role is based on morning shifts aligned with US working hours, 08:00–17:00 US time.
Key Responsibilities:
- Monitor security alerts from SIEM, EDR, and cloud platforms
- Perform initial triage and classification of alerts as true or false positives
- Investigate suspicious activities across endpoints, identities, and cloud environments
- Escalate confirmed incidents to Tier 2 / Incident Response teams with proper context
- Analyze logs from multiple sources, including CloudTrail, Azure Activity Logs, OS logs, and other relevant security data sources
- Document findings clearly in tickets and investigation reports
- Follow existing playbooks and contribute to improving detection logic over time
- Communicate clearly with internal teams and clients regarding alerts, findings, and escalations
Requirements:
Required Qualifications:
- 1+ years of experience in SOC / Security Operations
- Hands-on experience with EDR tools such as CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint
- Familiarity with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, or similar
- Understanding of networking basics, including IP, DNS, HTTP/S, ports, and related concepts
- Basic knowledge of Linux and Windows operating systems
- Ability to analyze logs and identify suspicious behavior
- Fluent English, both written and spoken — mandatory
- Excellent verbal communication skills, especially in client-facing situations
Preferred Qualifications:
- Experience with cloud environments such as AWS, Azure, or GCP
- Knowledge of GCP / Google Cloud Platform — significant advantage
- Ability to investigate cloud activity, including IAM, API calls, and resource changes
- Understanding of identity-based attacks, such as token abuse and privilege escalation
- Experience with scripting in Python or Bash
Nice to Have:
- Experience with threat hunting
- Knowledge of MITRE ATT&CK