Keyrock
SOC Analyst (Level 1)
Remote | Full-time | Global
Junior | Remote
Remote work position available
Job Description
[AI-summarized by JobStash]
You will act as the first line of defense, monitoring alerts, triaging events and performing initial investigations to determine scope and severity. You will gather logs and telemetry to enrich cases, document findings clearly in the ticketing system, and escalate confirmed or suspected incidents to Level 2/Incident Response with a complete handoff. You will follow runbooks to execute authorized containment actions, map alerts to adversary behaviors using frameworks like MITRE ATT&CK, and maintain accurate shift handovers, watchlists and investigation notes. You will work rotating shifts and participate in on-call coverage as required.
Requirements
- 0-2 years in a SOC, security monitoring or IT operations role, or equivalent hands-on experience
- Practical knowledge of networking, DNS, HTTP(S), identity and authentication, and malware basics
- Familiarity with log investigation and event triage concepts
- Familiarity with SIEM, EDR and ticketing tools, and basic SOAR concepts
- Strong written communication to produce clear, escalation-ready tickets and timelines
- Ability to work rotating shifts and on-call, including weekends and holidays
Responsibilities
- Monitor security alerts across SIEM, EDR and cloud security tooling 24/7
- Triage alerts and distinguish false positives from credible threats
- Investigate and enrich incidents by gathering logs and telemetry
- Escalate confirmed or suspected incidents to Level 2 / Incident Response with complete handoffs
- Execute runbooks and authorized containment actions for common events
- Map alerts to adversary behaviors using MITRE ATT&CK
- Maintain shift handovers, update watchlists and recommend detection tuning
Tech Stack
CrowdStrike, CloudTrail, telemetry, ticketing, DNS, log analysis, Python, SOAR, incident response, Splunk