Industry/Sector
Not Applicable
Specialism
Managed Services
Management Level
Associate
Job Description & Summary
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems and provide proactive solutions to safeguard sensitive data.
Driven by curiosity, you are a reliable, contributing member of our fast-paced environment. You are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities.
Examples of the skills, knowledge and experiences you need to lead and deliver value at this level include but are not limited to:
JD Associate L1 Squad
Squad (TDR, IAM, VM, SecOps) Associate Operations Associate L1
The Cybersecurity L1 Analyst is the first line of defense in cybersecurity operations, responsible for initial monitoring, triage, basic troubleshooting and escalating issues appropriately across security domains, including Threat Detection & Response (TDR), Identity & Access Management (IAM), Vulnerability Management (VM) and Security Operations (SecOps). This role ensures timely detection of anomalies, execution of standard operating procedures (SOPs) and support of day-to-day operational activities under the guidance of L2 and L3 teams.
The L1 Cybersecurity Analyst provides foundational operational support across security towers, executing monitoring, triage, documentation and routine system maintenance. This role is essential for ensuring timely detection of threats, accurate escalation and reliable functioning of cybersecurity tools and processes in a 24/7 environment.
Share and collaborate effectively with others, creating a positive team spirit.
Identify and make suggestions for improvements when problems and/or opportunities arise.
Validate data and analysis for accuracy and relevance.
Follow risk management and compliance procedures.
Communicate confidently in a clear, concise and articulate manner - verbally and in written form.
Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients.
Uphold the firm's code of ethics and business conduct.
Required Skills & Qualifications
1-3 years of experience in cybersecurity or IT operations (freshers with certification/training also considered).
Basic understanding of SIEM, EDR, IAM, VM or ITSM tools.
Working knowledge of operating systems, networks and cybersecurity fundamentals.
Strong communication, analytical thinking and problem-solving skills.
Ability to follow documented procedures accurately and consistently.
Preferred Skills
Exposure to cloud platforms (Azure, AWS) or scripting (Python, PowerShell).
Understanding of MITRE ATT&CK, vulnerability scoring, threat intelligence.
Security certifications such as Security+, CEH, AZ-900, ITIL.
Key Responsibilities:
1. Security Monitoring & Initial Incident Triage
Continuously monitor SIEM dashboards, EDR alerts and security tools for potential security events.
Perform initial validation, enrichment and triage of alerts to determine severity and legitimacy.
Escalate suspicious or confirmed incidents promptly to L2 or client teams per SOP.
Execute containment actions only if pre-approved and documented.
2. Vulnerability Management Support
Run or monitor daily scan health, including scan failures, credential issues and discovery schedule gaps.
Review and update tagging, asset identification and scanner hygiene activities.
Validate obvious false positives or reassign support tickets as necessary.
Monitor remediation ticket creation/routing in the ITSM system.
3. IAM Operational Activities
Execute manual provisioning tasks for enterprise applications (AD, SAP, JDE, Oracle) under supervision.
Support certificate lifecycle operations by identifying upcoming expirations.
Assist with SOP-driven IAM workflows across PAM, IGA and Access Management.
4. Routine Application & System Maintenance
Perform daily operational checks for security tools across TDR, IAM, VM and SecOps.
Verify backups, job completions, ingestion status and platform service availability.
Perform basic break-fix troubleshooting following SOP guidelines.
Complete user administration tasks (creation, updates, revocation) based on access policies.
5. Ticket Management & Queue Monitoring
Track open tickets, triage inbound requests and ensure correct routing to relevant queues.
Validate incomplete or misrouted tickets before escalating.
Update tickets accurately with findings, timestamps and actions taken.
6. Documentation & Knowledge Capture
Document daily activities, triage steps, case notes and lessons learned.
Maintain logs of troubleshooting activities to support audit and RCA work.
Assist in updating SOPs, runbooks, quick reference guides and knowledge articles.
7. Ad-Hoc Support Tasks
Execute ad-hoc search queries in SIEM or security tools as requested by L2/L3.
Support onboarding, cross-training and knowledge transfer sessions.
Provide assistance during service disruptions or high-severity incidents.
8. Shift Support & Operational Discipline
Operate within a 24x7 or follow-the-sun model, ensuring timely handovers.
Maintain shift logs, follow escalation paths and adhere strictly to SLAs.
Support L2/L3 teams during P1/P2 incidents with data collection and communication.
9. Communication & Collaboration
Communicate clearly and promptly with internal teams, documenting all interactions.
Coordinate with IT infrastructure, IAM, VM and other cybersecurity teams as needed.
10. Continuous Learning & Skill Development
Actively pursue learning pathways to advance toward L2 responsibilities.
Stay informed about basic cybersecurity threats, tools and industry trends.
Travel Requirements
Not Specified
Job Posting End Date
Required Experience:
IC
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by vis ...