SOC Analyst/Incident Response Analyst

SOC/Incident Response Analyst This position is a first-line defense role operating during critical off-hour windows (nights and weekends). The team will be responsible for the initial triage and validation of security alerts generated by Customer’s SIEM, Okta, SentinelOne, Keeper, and Google platforms. The primary objective is to investigate anomalies and escalate confirmed threats to the internal Incident Response (IR) team through PagerDuty. Core Responsibilities SIEM Alert Validation: Monitor Jira/BlinkOps for alerts pertaining to: Identity issues, compromised passwords, impossible travel, travel to restricted countries, Superadmin creation in Okta, Admin created in SentinelOne, Google admin account activity (creation/deletion), Splunk data deletion, HoneyCred access in Keeper, and suspected malicious access by Okta, Google, and other systems. Investigation: Perform manual investigation (running searches in Splunk, SentinelOne, and Recorded Future apps) to confirm alert details, determine False Positive/True Positive status, and engage the on-call IR lead. Manual IR Escalation: Identify True Positive events and provide the IR team with a handoff summary including impacted users, systems, and IP information. Skills Matrix Feature | Requirement Alert Triage: Able to investigate alerts through log entries and reconstruct user/system activity. SIEM Navigation: Competency in querying logs (training provided as needed). EDR Navigation: Ability to search SentinelOne to identify specific activity related to alerts. Communication: Ability to write clear summaries in Jira and PagerDuty. Escalation: Ability to escalate True Positives to IR through PagerDuty. Education Qualification and Experience The ideal candidate should have a Bachelor's Degree in IT, Computer Science or similar Have at least 1-2 years of experience in a similar role