The SOC Analyst L1 is responsible for real-time monitoring, triage, and initial analysis of security events and alerts generated from the IBM QRadar SIEM platform and associated security tools. This role focuses on identifying potential threats, validating incidents, and escalating genuine issues for further investigation, ensuring proactive and continuous protection of enterprise systems.

Key Responsibilities

• Monitor, analyze, and triage security events and alerts using IBM QRadar and other integrated tools.
• Identify false positives and validate true security incidents for escalation to L2 analysts.
• Perform initial investigation and categorization of QRadar offenses based on severity and priority.
• Follow defined SOC processes, playbooks, and standard operating procedures (SOPs).
• Document incident details and maintain accurate records in the incident management system (e.g., ServiceNow, JIRA).
• Conduct regular health checks of the QRadar environment – event flow, EPS utilization, and log source connectivity.
• Collaborate with the infrastructure and security teams to ensure uninterrupted log collection and alerting.
• Assist with correlation rule testing and detection use case validation.
• Participate in knowledge sharing, shift handovers, and daily SOC briefings.
• Stay up to date with emerging cyber threats and QRadar enhancements.

Required Technical Skills

• Basic understanding of IBM QRadar SIEM – offense management, event viewer, and log activity.
• Knowledge of networking concepts – TCP/IP, DNS, HTTP/S, SMTP, VPN, firewalls.
• Familiarity with endpoint security, IDS/IPS, and antivirus solutions.
• Awareness of cyber attack methodologies and the MITRE ATT&CK framework.
• Understanding of the incident response lifecycle (Detection, Analysis, Containment, Recovery).
• Strong analytical, problem-solving, and communication skills.
• Ability to work in a 24x7 rotational shift SOC environment.

Qualifications & Certifications

• Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity.
• 0–3 years of experience in SOC or security monitoring roles.
• Preferred certifications: IBM QRadar Fundamental, CompTIA Security+, EC-Council CSA, CCNA Security.