• Monitor and triage security alerts from SIEM, EDR, firewalls, IDS/IPS, WAFs, proxies, and identity systems.
  
• Perform initial investigation of suspicious activity, validate true/false positives, and escalate incidents when needed.
  
• Execute Tier I response actions such as isolating endpoints, blocking malicious traffic, resetting credentials, and collecting basic forensic data.
  
• Analyze logs from endpoints, servers, network devices, and authentication systems to identify potential threats.
  
• Document investigations, incident actions, and recommendations for detection or policy improvements.
  
• Support identity and access monitoring across Active Directory/Entra and other IAM platforms.
  
• Assist with vulnerability review, remediation tracking, and deployment of updated security controls.
  
• Follow SOC playbooks, regulatory requirements, and security policies related to data protection and incident handling.
  
• Maintain working knowledge of networking, operating system fundamentals, and common security technologies.
  

Requirements

• Proven experience as a cybersecurity analyst
  
• Proficient in risk assessment tools, technologies, and methods
  
• Experience designing secure networks, systems, and application architectures
  

• Certified Information Systems Security Professional (CISSP) or equivalent
  
• Experience with computer network penetration testing and techniques
  
• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts