Tier 1 SOC Analyst (Client‑Facing)

About the role

We are seeking a Tier 1 SOC Analyst to join our security operations team. The role focuses on initial triage, monitoring, and investigation of security alerts across cloud and endpoint environments, with direct client interaction and clear communication of findings.

Key responsibilities

• Monitor security alerts from SIEM, EDR, and cloud platforms.
• Perform initial triage and classify alerts as true or false positives.
• Investigate suspicious activities on endpoints, identities, and cloud services.
• Escalate confirmed incidents to Tier 2/Incident Response teams with full context.
• Analyze logs from CloudTrail, Azure Activity Logs, OS logs, and other sources.
• Document findings in tickets and investigation reports.
• Follow and improve existing playbooks and detection logic.
• Communicate alerts, findings, and escalations clearly to internal teams and clients.

Required profile

• Minimum 1 year of hands‑on SOC or Security Operations experience.
• Fluent English (written and spoken) with excellent verbal communication skills.
• Client‑facing experience and ability to convey technical information clearly.
• Basic understanding of networking concepts (IP, DNS, HTTP/S, ports).
• Fundamental knowledge of Linux and Windows operating systems.

Required skills

• Experience with EDR tools such as CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint.
• Familiarity with SIEM platforms like Splunk, Microsoft Sentinel, or QRadar.
• Log analysis and ability to identify suspicious behavior.
• Cloud security knowledge (AWS, Azure, Google Cloud Platform) and IAM/API activity investigation.
• Python scripting for automation and analysis.
• Understanding of MITRE ATT&CK framework.
• Threat‑hunting techniques (nice to have).