- Company Name: IBM
- Job Title: SOC Analyst
- Job Description:
**Job Title:** SOC Analyst

**Role Summary:**

Monitor, investigate, and respond to security incidents using SIEM, SOAR, EDR, and XDR platforms. Apply threat frameworks (MITRE ATT&CK, Cyber Kill Chain) to identify adversary tactics, conduct incident investigations, generate reports, and recommend remediation. Support vulnerability management, threat hunting, and process improvement to strengthen overall security posture.

**Expectations:**
- Rapid triage and escalation of security alerts across multi‑platform environments (Windows, Linux, macOS, network devices).
- Effective communication of findings to stakeholders and clear documentation of actions.
- Participation in a 24/7 shift rotation, including day and night coverage.
- Continuous learning and application of emerging threat intelligence and defensive strategies.

**Key Responsibilities:**
- Continuously monitor SIEM, SOAR, EDR, and XDR alerts for suspicious activity.
- Triage, analyze, and document security incidents, producing incident reports and actionable remediation plans.
- Apply MITRE ATT&CK and Cyber Kill Chain frameworks to classify adversary tactics and techniques.
- Conduct in‑depth post‑incident investigations and maintain evidence integrity.
- Support vulnerability management and proactive threat hunting initiatives.
- Incorporate threat intelligence to anticipate and mitigate emerging risks.
- Collaborate with security teams to enhance detection rules, playbooks, and automation.
- Maintain accurate, auditable records of investigations, incidents, and response activities.

**Required Skills:**
- Strong analytical and problem‑solving abilities with attention to detail.
- Proficiency in reading and interpreting logs and alerts from SIEM systems.
- Familiarity with common attack vectors, Indicators of Compromise (IOCs), and threat landscapes.
- Networking fundamentals: TCP/IP, DNS, HTTP, and OSI model.
- Effective written and verbal communication for documentation and reporting.
- Experience with at least one SIEM/SOAR platform (Splunk, QRadar, Microsoft Sentinel, Palo Alto XSIAM, or equivalent).
- Understanding of SOC processes, playbooks, and automation concepts.

**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related discipline.
- Ability to obtain or hold relevant security clearance (e.g., government or corporate).