SOC Analyst/Incident Response Analyst

Job Overview

A growing technology services organization is looking for a SOC Analyst / Incident Response Analyst to support cybersecurity monitoring and incident validation activities during critical off-hour operations, including nights and weekends. This role serves as a first-line defense function responsible for identifying, investigating, and escalating potential security threats across multiple security and identity platforms.

The successful candidate will perform initial alert triage, validate suspicious activities, and coordinate escalations to the Incident Response team for confirmed threats.

• Monitor and review security alerts generated from SIEM, identity management, endpoint protection, password management, and cloud collaboration platforms
• Investigate alerts related to:
• Identity and authentication anomalies
• Compromised credentials or password-related incidents
• Impossible travel and restricted-country access events
• Privileged or administrator account creation activities
• Suspicious account access and administrative actions
• Potential unauthorized access or malicious behavior across enterprise systems
• Utilize ticketing and workflow automation platforms to track, validate, and document alerts

• Conduct manual investigations using security monitoring and log analysis tools
• Review and correlate security logs, endpoint activity, and system events to validate incidents
• Determine whether security events are false positives or confirmed threats
• Reconstruct user and system activity through available logs and telemetry data
• Coordinate with on-call Incident Response personnel during active investigations

• Escalate validated security incidents to the Incident Response team following established escalation procedures
• Prepare concise handoff summaries including affected users, systems, IP addresses, and relevant investigation findings
• Maintain accurate and detailed documentation within ticketing and incident management systems
• Ensure timely communication and escalation of critical security events

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
• At least 1–2 years of experience in a SOC, Incident Response, Cybersecurity Operations, or similar technical security role

• Experience in security alert triage and incident investigation
• Familiarity with SIEM tools and log analysis methodologies
• Basic understanding of endpoint detection and response (EDR) platforms
• Ability to investigate suspicious user and system activity using log data
• Experience documenting incidents and communicating findings clearly
• Strong analytical and problem-solving skills
• Ability to work independently during off-hour support windows

• Strong attention to detail and investigative mindset
• Ability to manage multiple alerts and incidents simultaneously
• Effective written communication and incident reporting skills
• Comfortable working in a fast-paced security operations environment
• Willingness to work rotating night and weekend schedules as required