Cybersecon Technologies
Posted 1d ago on Naukri

SOC Level 1 Analyst

Remote
Mid Level


Full Job Description

About the Role

Cybersecon Technologies is seeking a motivated and detail-oriented SOC Level 1 Analyst to join our Security Operations Centre team. As the first line of defense, you will be responsible for monitoring security alerts across our Microsoft Sentinel SIEM and Microsoft Defender XDR platform, triaging incidents, and escalating threats according to established procedures. This role offers a fantastic opportunity for an early-career security professional eager to gain practical, hands-on experience in a dynamic operational environment.

Role & Responsibilities

  • Monitor and triage security alerts generated by Microsoft Sentinel and Microsoft Defender XDR, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud Apps.
  • Perform initial investigations of incidents within the Microsoft Defender portal and Sentinel workspace, assessing severity and priority based on defined playbooks.
  • Review Microsoft Secure Score recommendations and report findings to senior analysts.
  • Accurately log, track, and document incidents in the ticketing system, ensuring clear and complete records for escalation.
  • Escalate confirmed or suspected security incidents to Level 2/3 analysts with concise summaries including affected assets, impacted users, and initial indicators of compromise.
  • Execute predefined response actions within Defender XDR, such as isolating devices, blocking users, and initiating automated investigation and response (AIR) workflows.
  • Conduct basic threat intelligence lookups using Microsoft Threat Intelligence and Defender Threat Analytics to support triage decisions.
  • Assist with vulnerability management activities using Microsoft Defender Vulnerability Management (MDVM) and communicate findings to senior analysts.
  • Contribute to the continuous improvement of SOC playbooks, Microsoft Sentinel analytics rules, and standard operating procedures.
  • Maintain situational awareness of the current threat landscape through Defender Threat Analytics reports, internal briefings, and industry threat feeds.

Key Technical Requirements

  • Hands-on experience or exposure to Microsoft Sentinel for alert monitoring, incident investigation, and basic KQL (Kusto Query Language) queries.
  • Familiarity with the Microsoft Defender XDR portal and its core workloads: Defender for Endpoint (MDE), Defender for Identity (MDI), and Defender for Office 365 (MDO).
  • Understanding of Microsoft 365 and Azure Active Directory (Entra ID) fundamentals, including user accounts, roles, and sign-in activity.
  • Awareness of Microsoft's Zero Trust security model and its application to endpoint and identity security.
  • Basic understanding of Windows security event logs and their visibility within Defender for Endpoint and Sentinel.

Required Qualifications & Experience

  • Minimum 1-2 years of experience in an IT, networking, or cybersecurity role.
  • Strong understanding of networking concepts: TCP/IP, DNS, HTTP/S, firewalls, and proxies.
  • Familiarity with common operating systems (Windows, Linux) and their security event logs.
  • Basic understanding of the MITRE ATT&CK framework and common attack techniques.
  • Strong analytical and problem-solving skills with a keen attention to detail.
  • Excellent written and verbal communication skills.
  • Ability to work shift patterns including nights, weekends, and public holidays.

Preferred Qualifications

  • Exposure to ticketing systems such as ServiceNow, Zoho Desk, or Jira.
  • Understanding of common malware types and behaviors.
  • Microsoft Certified: Security Operations Analyst Associate (SC-200) or actively working towards it.
  • Microsoft Certified: Azure Fundamentals (AZ-900) or Security, Compliance, and Identity Fundamentals (SC-900).
  • CompTIA Security+ or CySA+ or equivalent industry certification.
  • Exposure to Microsoft Sentinel workbooks, analytics rules, or automation (SOAR/Logic Apps).
  • Knowledge of phishing analysis techniques and experience investigating alerts from Defender for Office 365.
  • Candidates who can join immediately or within 15 days are preferred.
