Description
• Provide 24×7 first-line monitoring and triage for both cybersecurity and IT infrastructure/network events to ensure continuous detection, timely escalation, and SLA-based ticket handling.
• Mobilization: Onsite
• Duration of Services: 1 Year
• Work Shifts: 8-hour shifts (24×7 coverage)
Key Responsibilities
• Monitor SOC/NOC alerts 24×7 from SIEM, Network Anomaly Detection Tool, and server/service monitoring tool.
• Perform L1 triage and validation (true/false positive, initial impact assessment, enrichment using available context).
• Create, classify, and update incidents/service tickets in ITSM ensuring complete documentation and evidence.
• Execute basic predefined actions based on SOPs/playbooks (e.g., validation checks, connectivity verification, initial containment steps with approval).
• Escalate to L2/L3 teams according to severity, SLA thresholds, and escalation matrix.
• Provide shift handover reports and maintain operational continuity across 24×7 shifts.
Requirements
Educational Background (Must)
• Bachelor’s degree in Information Security, Computer Science, IT, or a related field.
Professional Certifications / Trainings (Must)
• Trained or certified as an analyst or administrator of IBM QRadar SIEM
• Trained or certified in SOC analysis or incident handling and response (e.g., ECSA, Security+, CEH, ECIH, GCIH, or equivalent)
• Trained or certified in any NMS/infrastructure service availability monitoring tool
Professional Certifications / Trainings (Preferred)
• Practical cybersecurity training such as Security Blue Team, INE Security, or equivalent.
• Trained or certified in IT Service Management, such as ITIL Foundation
• Other cybersecurity certifications
Experience
General SOC & NOC Experience (Must)
• Minimum 3 years of experience in a SOC analyst role.
• Experience in log analysis and incident investigation using the IBM QRadar SIEM.
• Experience in creating dashboards and scheduled reports in IBM QRadar SIEM.
• Experience with incident investigation using different security technologies such as AV, EDR, NDR, IDS/IPS, and firewalls.
• Understanding of operating system event logs, such as Windows event logs (System, Security, Application, PowerShell, and Sysmon) and Linux audit logs.
• Understanding of HTTP requests and responses.
• Understanding of network protocols and packet analysis.
• Knowledge of open-source malware analysis tools.
• Experience in handling threat intelligence and threat hunting.
• Knowledge of open-source intelligence (OSINT) tools.
Technical Expertise (Preferred)
• Experience working with ManageEngine OpManager.
• Experience working with any SOAR platform.
• Experience working with any vulnerability management tool.