Key responsibilities

• Monitor security alerts from SIEM and other security monitoring tools to detect potential cybersecurity threats
• Identify, analyze, triage, and escalate security incidents in accordance with defined incident response procedures
• Investigate security events to determine severity, scope, and organizational impact
• Execute initial triage activities including threat validation, prioritization, and impact assessment
• Conduct detailed log analysis to identify anomalous behavior and indicators of compromise
• Respond to real-time alerts using documented incident response playbooks
• Provide first-response containment and mitigation actions for confirmed security incidents
• Escalate incidents to Incident Response teams when required and support coordinated response activities
• Document all security incidents, findings, investigative steps, and response actions within SOAR platforms
• Analyze suspicious activity to determine whether it qualifies as a confirmed security incident
• Support threat hunting initiatives to identify advanced or stealthy threats within the environment
• Work with senior analysts to refine detection rules, improve SIEM queries, and enhance security use cases
• Investigate phishing emails, malicious domains, suspicious IP addresses, and other threat indicators
• Support malware analysis efforts by providing behavioral observations and preliminary assessments
• Leverage cyber threat intelligence feeds to identify emerging threats, attack techniques, and exploit trends
• Participate in purple team exercises to improve SOC detection, response, and defensive capabilities
• Collaborate with internal technical teams to remediate identified cybersecurity vulnerabilities
• Provide clear, concise reports on security incidents including root cause, impact, and recommended remediation actions
• Support CSOC leadership in maintaining continuous 24/7 security monitoring and incident response coverage