SOC/Incident Response Analyst
This position is a first-line defense role operating during critical off-hour windows (nights and weekends). The team will be responsible for the initial triage and validation of security alerts generated by customers' SIEM, Okta, SentinelOne, Keeper and Google platforms. The primary objective is to investigate anomalies and escalate confirmed threats to the internal Incident Response (IR) team through PagerDuty.
Core Responsibilities
SIEM Alert Validation: Monitor Jira/BlinkOps for alerts pertaining to: identity issues, compromised passwords, impossible travel, travel to restricted countries, Superadmin creation in Okta, admin created in SentinelOne, Google admin account activity (creation/deletion), Splunk data deletion, HoneyCred access in Keeper, and suspected malicious access reported by Okta, Google and other systems.
Investigation: Perform manual investigation (running searches in Splunk, SentinelOne and client apps) to confirm alert details, determine False Positive/True Positive status, and engage the on-call IR lead.
Manual IR Escalation: Identify True Positive events and provide the IR team with a handoff summary including impacted users, systems and IP information.
Skills Matrix
Feature: Requirement
Alert Triage: Able to investigate alerts through log entries and reconstruct user/system activity.
SIEM Navigation: Competency in querying logs (training provided as needed).
EDR Navigation: Ability to search SentinelOne to identify specific activity related to alerts.
Communication: Ability to write clear summaries in Jira and PagerDuty.
Escalation: Ability to escalate True Positives to IR through PagerDuty.
Education Qualification and Experience
The ideal candidate should have a Bachelor's Degree in IT, Computer Science or similar, and at least 1-2 years of experience in a similar role.
Required Skills:
Bachelor's Degree in IT, Computer Science or similar
At least 1-2 years of experience in a similar role
Alert Triage: Able to investigate alerts through log entries and reconstruct user/system activity.
SIEM Navigation: Competency in querying logs (training provided as needed).
EDR Navigation: Ability to search SentinelOne to identify specific activity related to alerts.
Communication: Ability to write clear summaries in Jira and PagerDuty.
Escalation: Ability to escalate True Positives to IR through PagerDuty.
Continuous improvement mindset
Accountability and results orientation