ESSENTIAL JOB DUTIES
1. Alert Monitoring & Initial Triage
- Monitor the security alert queue continuously across the shift, ensuring no alerts are missed, delayed, or left without an initial disposition.
- Perform initial triage of incoming alerts: review alert context, classify by type and potential severity, and determine whether the alert warrants escalation or closure as a false positive.
- Apply documented playbooks and runbooks to guide triage decisions; escalate promptly to L2 when an alert exceeds L1 scope or confidence threshold.
- Maintain accurate, timely documentation of all triage actions: alert details, initial findings, disposition rationale, and escalation notes.
- Support shift handoff quality by ensuring all open items are clearly documented and communicated to the incoming analyst.
2. ReliaQuest GreyMatter
- Use GreyMatter as the primary platform for alert review, case management, and initial investigation workflows.
- Navigate GreyMatter case queues, apply filters, and use built-in enrichment and AI-assisted features to support triage decisions, always validating outputs before acting.
- Document findings, disposition notes, and escalation rationale within GreyMatter case records in accordance with SOC documentation standards.
- Develop proficiency with GreyMatter investigation workflows through structured on-the-job learning and guidance from L2 analysts and the SOC Manager.
3. Microsoft Defender for Endpoint
- Review MDE alerts surfaced through GreyMatter or the MDE portal; understand alert categories, severity levels, and associated device context.
- Perform basic endpoint investigation tasks: review device timelines for obvious indicators, check process trees, and identify key artifacts to include in escalation notes.
- Understand and apply MDE alert triage criteria to support accurate initial severity classification.
4. Microsoft Sentinel
- Review Sentinel incidents and alerts as part of the monitoring queue; understand alert sources and the log types that feed detections.
- Run basic KQL queries using provided templates to retrieve log evidence and support initial triage findings.
- Develop foundational KQL proficiency over time, progressing toward independent query construction for common triage scenarios.
5. SSE/SWG Platforms: Zscaler & Netskope
- Develop working familiarity with Zscaler and Netskope alert types, log sources, and basic policy constructs.
- Review web security alerts and support L2 analysts with initial context gathering for Zscaler- and Netskope-related investigations.
- Follow documented workflows for reporting and escalating SSE/SWG events that exceed L1 triage capability.
6. ServiceNow Ticket Handling
- Manage ServiceNow tickets assigned to the InfoSec/SOC queue: acknowledge, classify, document, and escalate or resolve within SLA.
- Handle routine, low-complexity security tickets (user-reported suspicious emails, access queries, and basic security tool questions) following documented resolution procedures.
- Maintain accurate ticket records: classification, evidence summary, actions taken, and resolution notes aligned to SOC documentation standards.
- Flag repeat patterns or unresolved issues for L2 review and knowledge article creation.
7. Email Security
- Perform initial triage of user-reported phishing and suspicious email submissions using Mimecast and/or .
- Apply documented phishing triage criteria: assess sender, links, attachments, and headers; classify and escalate confirmed or suspected malicious emails to L2.
- Support quarantine and release workflows under L2 direction; document findings and outcomes in the relevant ticket or case record.
REQUIRED SKILLS & EXPERIENCE
- 1+ years of experience in a SOC, IT operations, helpdesk, or security monitoring role.
- Basic understanding of networking fundamentals: TCP/IP, DNS, HTTP/S, common ports and protocols.
- Familiarity with Windows operating system concepts: processes, services, event logs, and common file system paths.
- Awareness of common attack types and indicators: phishing, malware, credential abuse, and suspicious scripting.
- Ability to follow structured procedures, playbooks, and escalation paths with precision and consistency.
- ServiceNow or equivalent ITSM tool experience: ticket creation, classification, and documentation.
- Strong attention to detail and clear written communication for ticket notes, case documentation, and shift handoffs.
PREFERRED QUALIFICATIONS
- Prior exposure to a SIEM platform (Microsoft Sentinel, Splunk, or similar) for alert review or basic log analysis.
- Familiarity with Microsoft Defender for Endpoint or equivalent EDR tooling.
- Exposure to phishing analysis and email security tools (Mimecast or similar).
- Understanding of the MITRE ATT&CK framework at a foundational level.
- Experience working in a 24/7 shift environment.
EDUCATION & CERTIFICATIONS
- Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
- CompTIA Security+ preferred, or actively pursuing.
- Microsoft SC-900 (Security, Compliance, and Identity Fundamentals) a plus.
- CompTIA CySA+ or equivalent desirable as a development target.
SUCCESS MEASURES
- SLA compliance and accurate, complete documentation for all assigned ServiceNow tickets.
- Alert triage accuracy: low false-positive closure rate and appropriate, timely escalations to L2.
- Shift handoff quality: all open items documented and communicated clearly, with no gaps.
- Demonstrated progression in GreyMatter proficiency and foundational tool knowledge over the first 90 days.
- Positive contribution to team knowledge through flagging repeat patterns and supporting runbook updates.
WORKING CONDITIONS
- 24/7 rotational shifts, including nights, weekends, and holidays.
- On-call support may be required for high-severity incidents.
- Role demands sustained alertness, consistent process adherence, and composed, methodical work under pressure.
Job Applicant Privacy Notice
EEO Statement
The Company is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant, employee, or other covered person based on any legally recognized basis, including but not limited to: veteran status, uniformed servicemember status, race, color, caste, immigration status, religion, religious creed (including religious dress and grooming practices), sex, gender, gender expression, gender identity, marital status, sexual orientation, pregnancy (including childbirth, lactation, or related medical conditions), age, national origin or ancestry, citizenship, physical or mental disability, genetic information (including testing and characteristics), protected leave status, domestic violence victim status, or any other consideration protected by federal, state, or local law. We are committed to providing reasonable accommodations; if you need an accommodation to complete the application process, please email
Required Experience:
IC