Role Responsibilities

Key responsibilities for this role may include: 

Incident Detection & Response:

• Lead the triage, investigation, and classification of security events using SIEM and other tooling

• Take ownership of end-to-end handling of medium to high-severity incidents, coordinating containment and remediation efforts

• Maintain detailed incident records, including timelines, impact assessments, root cause analysis, and mitigation steps

• Act as an escalation point for Tier 1 analysts, guiding initial response actions and validating escalations

• Participate in on-call or out-of-hours technical support where appropriate

Threat Intelligence and Analysis:

• Perform in-depth analysis of suspicious activity, identifying indicators of compromise and attribution patterns

• Lead threat intelligence sharing within the organisation and with external partners

• Mentor Tier 1 staff in interpreting threat data and logs during investigations

Security Monitoring and Detection Engineering:

• Conduct continuous security monitoring of network traffic, endpoints, and critical systems

• Proactively tune and improve SIEM rules, alerts, and correlation logic to reduce false positives and increase detection fidelity

• Support onboarding of new data sources into SIEM and help define parsing, enrichment, and correlation logic

• Lead investigations into recurring false positives or noisy alerts and propose sustainable resolutions

• Support deployment and configuration of security tooling

Compliance, Reporting and Documentation:

• Lead security audits and assessments, providing evidence of SOC activities and controls

• Maintain accurate records of all events handled, including triage notes and escalation details.

• Lead the delivery of incident and vulnerability summaries to the management team and customers as part of Service Reviews or Security Working Groups

• Lead post-incident reviews and document lessons learned

• Ensure compliance with industry standards, regulations, and internal security policies

• Prepare and present regular reports and metrics on SOC operations and overall security posture

Vulnerability Management:

• Coordinate and support risk-based prioritisation of vulnerability remediation efforts

• Support vulnerability lifecycle management, including exception handling, patch validation, and reporting

• Provide vulnerability remediation guidance based on CVSS scores, threat context and business impacts

Collaboration and knowledge sharing:

• Act as a technical mentor to Tier 1 analysts, supporting their development and escalation handling

• Work closely with other IT teams (e.g., Network, Architecture, and Development teams) to identify and resolve security issues

• Share insights, threat intelligence, and incident learnings to improve the overall security posture of the organization

Continuous Improvement:

• Identify gaps in detection, response, or processes and propose pragmatic, measurable improvements

• Lead small initiatives to improve SOC efficiency, such as automating repetitive tasks or improving alert triage

• Contribute to maturity efforts such as MITRE ATT&CK mapping, control gap analysis, or threat modelling

Education and Experience Requirements

As a T1 SOC Analyst, you will have:

Experience (preferred)

• 1 to 3 years of hands-on experience in a SOC or similar security operations role, with demonstrable exposure to incident response, security monitoring, or threat analysis

• Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools

• Candidates with strong practical experience through labs, home projects, certifications, or internships may also be considered if they can demonstrate applied knowledge at a Tier 2 level

Education:

• Bachelor’s degree in Computer Science, Information Security, Cyber Security or related field, or equivalent experience desirable.

Certifications (preferred):

• Any SIEM-specific certification or vendor-specific training.

• Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), BTL1, BTL2 or others are highly desirable but not essential.

Technical Skills:

• Proficient in using SIEM platforms such as LogRhythm, Elastic SIEM, Microsoft Sentinel or similar for monitoring and analysis

• Solid understanding of network protocols, firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security

• Hands-on experience with log analysis and alert triage, vulnerability scanning and patching and incident response

• Working knowledge of cyber security and compliance frameworks (NIST, ISO 27001, MITRE ATT&CK).

• Experience or strong interest in using scripting and automation for security operations

Soft Skills:

• Excellent written and verbal communication skills, with the ability to convey information to both technical and non-technical stakeholders

• Strong analytical mindset with keen attention to detail and sound judgement

• Able to follow standard operating procedures with discipline and accuracy

• Eager to learn, ask questions, and develop professionally

• Comfortable working in a fast-paced team environment and managing multiple priorities

• Proactive in seeking opportunities to learn and grow with a curious, problem-solving mindset

SecureCloud+ is an equal opportunities employer and does not discriminate on the basis of age, sex, colour, religion, race, disability, or sexual orientation. Our hiring decisions are based on an individual’s experience and qualifications for the job advertised.