Investigates, analyzes and responds to cybersecurity incidents. A CSOC Analyst uses data collected from various defense tools to analyze events occurring within their organization to detect and mitigate cyber threats. They monitor network and system activity for signs of malicious behavior, correlate threat intelligence with security incidents, and escalate findings to appropriate response teams. Additionally, they develop and refine detection rules, conduct analysis on security incidents, and contribute to the continuous improvement CSOC Operations.
Minimum Experience Requirements
• 3 - 7 years of experience in security operations, incident response, or threat detection.
• Strong hands-on experience with security monitoring tools (SIEM, SOAR, EDR, IDS/IPS).
• Proficient in investigating security incidents, conducting root cause analysis, and threat hunting.
• Experience working with threat intelligence, malware analysis, and incident investigations.
• Ability to refine detection logic, write SIEM queries, and improve security use cases.
Security Operations & Monitoring
• Monitor security alerts from SIEM and other security tools to detect potential threats.
• Identify, analyze, and escalate security incidents following defined incident response procedures.
• Investigate security events and determine the severity and impact on the organization.
• Maintain awareness of cybersecurity threats to enhance monitoring effectiveness.
• Execute initial triage of security events, including threat validation and impact assessment.
• Escalate security incidents to Incident Response teams as needed.
• Conduct log analysis to identify anomalous behavior and potential security breaches.
• Document security incidents, findings, and response actions in SOAR.
Threat Detection & Incident Response
• Respond to real-time alerts from security tools and apply playbooks for incident handling.
• Analyze suspicious activity and determine if it qualifies as a security incident.
• Provide first-response containment and mitigation actions for identified threats.
• Assist in threat hunting activities to detect stealthy threats.
• Work with senior analysts to refine detection rules and improve threat identification.
• Support forensic analysis of security incidents by providing relevant logs and artifacts.
• Investigate phishing emails, suspicious domains, and malicious IP addresses.
• Support malware analysis by providing behavioral observations and preliminary assessments.
Threat Intelligence & Continuous Improvement
• Maintain an up-to-date knowledge base of current threats, attack techniques, and exploits.
• Leverage cyber threat intelligence (CTI) feeds to identify new attack vectors.
• Assist in refining and tuning SIEM alerts to reduce false positives and enhance detection.
• Participate in purple team exercises to enhance SOC detection and response capabilities.
Communication & Collaboration
• Provide clear and concise reports on security incidents, including impact and recommended actions.
• Collaborate with internal teams to remediate cybersecurity vulnerabilities.
• Support CSOC leadership in ensuring 24/7 coverage for security monitoring and incident response.
Required academic achievements:
• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (required) or Law
• Master’s degree in Cybersecurity, Information Security, Information Systems, or a related field (highly preferred)
Preferred professional certifications:
• Certified Cloud Security Professional (CCSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Defensible Security Architect Certification (GDSA)
• GIAC Security Operations Certified (GSOC)