Security Operations Officer
Job Summary:
The Security Operations Officer is a hands-on technical role within the Security Operations Center (SOC). This individual is responsible for monitoring the organization's security posture, investigating alerts, and performing initial incident response. They are the first line of defense against cyber threats and play a critical role in identifying and mitigating security incidents.
Key Responsibilities:
- Monitor security alerts from the SIEM, EDR, and other security tools in a 24/7 shift model.
- Triage and investigate security events to determine false positives, true positives, and severity.
- Perform initial incident response activities following established playbooks.
- Document investigations thoroughly in the incident management system.
- Escalate complex incidents to senior analysts or the incident response team.
- Assist in the development and tuning of SIEM correlation rules and use cases.
- Stay current with the latest cybersecurity threats, vulnerabilities, and attack techniques.
Qualifications and Experience:
- 2-4 years of experience in a SOC or related cybersecurity role.
- Hands-on experience with SIEM platforms (e.g., Splunk, ArcSight, Sentinel) and EDR tools.
- Understanding of network protocols, firewall logs, and system logs.
- Foundational knowledge of incident response and cyber threats.
- Certifications such as Security+, CySA+, or GSEC are preferred.
