
SOC Analyst (NCS/Job/ 3653)

For An Indian-Owned Company Focused On Digital & Big Data Tech
5 - 10 Years
Full Time
Immediate
Up to 23 LPA
1 Position(s)
Bangalore / Bengaluru, Chennai, Gurgaon / Gurugram, Hyderabad, Noida, Pune
Posted 9 Days Ago

Job Skills

Job Description

Job Description: SOC Analyst

Role: Security Operations Center (SOC) Analyst (SentinelOne experience mandatory)
Experience: 5–8 Years

Role Overview

We are seeking a hands-on SOC Analyst to provide immediate operational support and free up internal security staff. The role focuses on real-time monitoring, triage and response to security alerts from endpoint protection and email security tools, including user-reported phishing incidents.

Primary responsibility includes working with:

  • SentinelOne (EDR/XDR alerts)
  • Microsoft Defender (Email, Endpoint, Identity alerts)
  • Phishing reports from end-users

Key Responsibilities

1. Security Alert Monitoring & Triage

  • Monitor and triage alerts from:
    • SentinelOne (malware, suspicious activity, behavioral alerts)
    • Microsoft Defender (Defender for Endpoint, Defender for Office 365)
  • Perform initial investigation and classification:
    • True Positive / False Positive
    • Severity and impact assessment
  • Escalate complex incidents to internal teams

2. Phishing Incident Response

  • Analyze phishing reports submitted by users:
    • Email headers, URLs, attachments
  • Take appropriate response actions:
    • Block sender/domain
    • Quarantine emails
    • Trigger user awareness notifications
  • Coordinate with email security policies in Defender
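As an added illustration of the phishing triage described in this section (example code written for this page, not part of the posting or of any SentinelOne/Defender tooling), the Python script below takes a user-reported message, reads the SPF/DKIM/DMARC verdicts from the receiving server's Authentication-Results header, checks whether the visible From domain aligns with the Return-Path, and extracts the URLs in the body so the analyst has concrete indicators for the quarantine/block decisions listed above. The two sample messages, the receiving server mx.example.com, and the example.com / example.net domains are constructed for the example.

```python
"""Phishing-report triage helper (added example; standard library only)."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample 1: credential lure spoofing an internal display name.
# mx.example.com is a hypothetical receiving server; header shape per RFC 8601.
PHISH_EML = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@bulk-mailer.example.net>
From: "IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: Password expires today
Content-Type: text/plain; charset=utf-8

Your password expires in 2 hours. Reset it now:
https://example-com-login.example.net/reset?u=user
"""

# Constructed sample 2: a legitimate internal notice reported by a cautious user.
CLEAN_EML = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Return-Path: <helpdesk@example.com>
From: "IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: Scheduled maintenance
Content-Type: text/plain; charset=utf-8

Maintenance on Saturday. Details: https://intranet.example.com/maint
"""


def auth_results(msg) -> dict:
    """First SPF/DKIM/DMARC verdict seen, e.g. {'spf': 'fail', 'dkim': 'none', ...}."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(str(hdr)):
            results.setdefault(method.lower(), verdict.lower())
    return results


def domain_of(header_value) -> str:
    """Lower-cased domain from an address header, '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def aligned(from_dom: str, rp_dom: str) -> bool:
    """Relaxed alignment approximated by a label-boundary suffix match
    (a production check would consult the public suffix list)."""
    if not from_dom or not rp_dom:
        return False
    return (from_dom == rp_dom or from_dom.endswith("." + rp_dom)
            or rp_dom.endswith("." + from_dom))


def extract_urls(msg) -> list:
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return sorted({u.rstrip(".,;") for u in URL_RE.findall(text)})


def triage(raw: bytes) -> dict:
    """Return verdicts, alignment, indicators and a True/False Positive call."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    auth = auth_results(msg)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    urls = extract_urls(msg)
    hosts = sorted({(urlparse(u).hostname or "").lower() for u in urls})

    reasons = [f"{m}={v}" for m, v in auth.items() if v != "pass"]
    if not aligned(from_dom, rp_dom):
        reasons.append(f"From {from_dom!r} does not align with Return-Path {rp_dom!r}")
    # Hosts that imitate the From domain (example.com -> example-com-...) but
    # are not actually under it.
    lookalikes = [h for h in hosts if from_dom and from_dom.replace(".", "-") in h
                  and not (h == from_dom or h.endswith("." + from_dom))]
    reasons.extend(f"lookalike host {h}" for h in lookalikes)

    if auth.get("dmarc") == "fail" or lookalikes:
        classification = "True Positive"
    elif reasons:
        classification = "Needs analyst review"
    else:
        classification = "False Positive"

    return {"classification": classification, "auth": auth, "from_domain": from_dom,
            "return_path_domain": rp_dom, "urls": urls, "hosts": hosts, "reasons": reasons,
            # sender domain and URL hosts to block/quarantine on once confirmed
            "block_candidates": sorted(set([rp_dom] + hosts))
            if classification == "True Positive" else []}


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EML), ("clean", CLEAN_EML)):
        r = triage(raw)
        print(f"[{name}] {r['classification']}: {'; '.join(r['reasons']) or 'no findings'}")
```

Run against a real report, the same three checks (authentication verdicts, From/Return-Path alignment, and the hosts the links actually point at) are what drive the block-sender, quarantine and user-notification actions listed above; the classification thresholds here are deliberately simple and would be tuned to the organisation's own Defender policies.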

3. Incident Response

  • Alert triage and ticket creation
  • Basic containment actions (isolate endpoint, block indicators)
  • Run predefined playbooks
  • Deep-dive investigation of incidents
  • Endpoint forensics (via SentinelOne)
  • Correlate alerts across tools
  • Execute remediation actions (kill processes, isolate machines)

4. Ticketing & Documentation

  • Create and update incident tickets (ServiceNow/JIRA or equivalent)
  • Maintain clear investigation notes and evidence
  • Ensure SLA adherence for response and resolution

5. Threat Detection & Improvement

  • Identify recurring patterns and suggest tuning
  • Reduce false positives via rule optimization
  • Contribute to improving SOC playbooks and runbooks

Required Skills & Qualifications

Core Technical Skills

  • Hands-on experience with:
    • SentinelOne (EDR/XDR investigation)
    • Microsoft Defender (Endpoint + Email Security)
  • Strong understanding of:
    • Phishing detection and analysis
    • Malware behavior and indicators of compromise (IOCs)
    • Email security (SPF, DKIM, DMARC basics)
  • Familiarity with SIEM/SOAR tools (nice to have)

Preferred Skills

  • Experience with:
    • Microsoft Defender for Office 365
    • Threat Intelligence platforms
  • Basic scripting (PowerShell/Python) for investigation
  • Understanding of MITRE ATT&CK framework

Soft Skills

  • Strong analytical thinking
  • Clear communication (written & verbal)
  • Ability to work in fast-paced SOC environment
  • High attention to detail

Certifications (Preferred)

  • Security+
  • CySA+ / CEH
  • Microsoft Security Operations Analyst (SC-200)