Job Description

• Security Monitoring
  - Continuously monitor security alerts and events from SIEM tools and other monitoring systems
  - Analyze logs and events for signs of potential security incidents or breaches

• Incident Triage and Initial Response
  - Perform initial triage of security incidents, classify and prioritize them based on severity
  - Escalate confirmed or high-risk incidents to L2/L3 analysts for deeper investigation

• Alert Analysis and Investigation
  - Review alerts from firewalls, IDS/IPS, antivirus, EDR, email gateways, etc.
  - Correlate events across multiple systems to identify suspicious activity

• Documentation and Reporting
  - Create and maintain detailed incident tickets and investigation notes
  - Prepare daily/weekly reports on incident trends, alert volumes, and response actions

• Threat Intelligence Review
  - Stay updated with emerging threats and vulnerabilities
  - Use available threat intelligence to support alert validation and enrichment

• System Health Checks
  - Ensure the monitoring tools (SIEM, log collectors, endpoint agents, etc.) are functioning properly
  - Report any gaps in visibility or tool failures

• Follow Standard Operating Procedures (SOPs)
  - Adhere strictly to defined incident response procedures and escalation paths
  - Participate in continuous improvement of SOC SOPs

• User Awareness and Phishing Triage
  - Analyze reported phishing emails and suspicious user activities
  - Help with awareness by informing users of phishing attempts or false positives

• Shift Handover and Communication
  - Conduct clear shift handovers with detailed updates on ongoing incidents and system status
  - Communicate effectively with other teams (IT, network, infrastructure) when required

Person Specification

• Completed or following a bachelor's degree in Cyber Security or similar IT degree