Job Description
The Cyber Security Analyst is responsible for security monitoring, threat detection, and incident investigation within the Security Operations Center (SOC).
This role provides hands‑on technical expertise in analyzing security events, responding to incidents, and optimizing detection capabilities.
The Analyst plays a critical role in ensuring timely identification, analysis, and containment of cyber threats across enterprise environments.
Key Responsibilities
1. Security Monitoring & Incident Response: Investigate and respond to complex, high‑severity security incidents across network, endpoint, cloud, and application environments. Perform deep‑dive analysis of alerts, logs, and telemetry to determine root cause, impact, and remediation actions. Coordinate incident response activities across internal teams and external stakeholders when required. Escalate critical incidents to management in a timely manner. Ensure all incidents are handled in accordance with defined SLAs, playbooks, and regulatory requirements.
2. Threat Detection & Use Case Management: Develop, tune, and optimize SIEM detection rules to improve detection accuracy. Reduce false positives and enhance overall monitoring effectiveness. Continuously refine detection use cases based on emerging threats and incident learnings.
3. Continuous Improvement & SOC Maturity: Contribute to the development and enhancement of SOC processes, runbooks, and playbooks. Identify opportunities to improve SOC efficiency through automation, SOAR, and AI‑driven capabilities. Support SOC maturity initiatives and operational excellence programs.
4. Leadership & Mentorship: Provide guidance and mentorship to junior analysts. Act as an escalation point for complex technical investigations. Promote knowledge sharing and continuous learning within the SOC team.
Required Skills & Experience
* Strong hands‑on experience with SIEM platforms such as Splunk, Elasticsearch, Microsoft Sentinel, or Google SecOps.
* Solid understanding of network security, endpoint security, identity & access management, cloud security concepts.
* Experience analyzing logs from firewalls, EDR solutions, IDS/IPS systems.
* Experience with cloud platforms and operating systems.
* Familiarity with incident response methodologies and digital forensics fundamentals.
* 3–5 years of experience in Cyber Security Operations, SOC, and Incident Response roles.
* Proven ability to independently handle medium to high severity incidents.
* Experience in regulated environments (financial services, government, healthcare) is advantageous.
* Strong analytical and problem‑solving capabilities.
* Ability to remain calm and structured under pressure.
* High level of ownership, accountability, and attention to detail.
* Strong communication and stakeholder management skills.
Preferred / Nice‑to‑Have Experience
* Experience with SOAR platforms and security automation.
* Cloud security exposure (AWS, Azure, GCP) and scripting or query skills (SPL, KQL, SQL, Python).
* Experience in SOC transformation or SIEM migration projects.
* GIAC certifications (GCIA, GCIH, GCED) – preferred.
* SIEM‑related certifications (Elastic, Google SecOps, Microsoft Sentinel, or equivalent).
#J-18808-Ljbffr