Investigate escalated alerts from L1 and assess threat impact, scope, and root cause.
Mentor and coach L1 analysts in investigating and analyzing security events with SIEM and XDR tools as needed.
Provide timely incident response support in coordination with IT and business units.
Perform threat intelligence analysis and correlate external IOCs/TTPs.
Design and implement strategies to contain threats and to initiate recovery efforts in coordination with relevant teams.
Review and refine detection rules, correlation logic, response playbooks, and incident response procedures to maintain relevance and effectiveness.
Perform continuous, proactive threat hunting for emerging cyber threats using the existing SIEM tooling.
Create and maintain SOPs and response documentation.
Maintain and update change management and incident tracking calendars.
Maintain detailed hunt documentation, findings, and recommendations for remediation and prevention.
Create and maintain detection content aligned with MITRE ATT&CK and other threat frameworks.
Requirements
Graduate of a D3, D4, or S1 program.
3-5 years of working experience as an L1 Security Analyst.
In-depth understanding of network and endpoint security.
Hands-on experience with SIEM platforms (Splunk, Sentinel, QRadar, Elastic) and XDR tools (e.g., Cortex XDR, Microsoft Defender, Trend Micro Vision One, CrowdStrike, SentinelOne).
Knowledge of threat intelligence, IOCs, and the MITRE ATT&CK framework.
Understanding of the incident response lifecycle.
Familiarity with vulnerability assessment methods.
Intermediate analytical and investigative skills.
Ability to correlate data from multiple sources.
Clear documentation and reporting skills.
Effective communication with technical and non-technical teams.
Ability to handle incidents under pressure.
One or more of the following certifications is an advantage: Blue Team Level 1 (BTL1) by Security Blue Team, CIHE, ECIH, CHFI, BTL2, eJPT, eWPT, CEH, eCTHP, CompTIA Cybersecurity Analyst (CySA+), MS-200.