Security Operations Analyst

Modular Services

On Site
Full Time
$105,000
Iasi Metropolitan Area

Job Overview

Job Title: Security Operations Analyst
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $105,000
Location: Iasi Metropolitan Area

Job Description

About the Role

We are looking for a Security Operations Analyst to act as the first point of contact for IT infrastructure security alerts from IDS and IPS tools, and to provide monitoring and support functions for IT infrastructures. You’ll be part of a cross-functional team that’s responsible for the security, availability and good functioning of the systems and services. As a Security Operations Analyst, you should be able to produce clear and comprehensive documentation based on the analyses you perform across various security cases and reports, including your conclusions, findings and recommendations for improving system security. You should also be a team player with a knack for preventing security incidents and maintaining operational services.

We have business hours and out of hours (night & weekend shifts) positions within this team.

Responsibilities

  • Triage and investigate SIEM alerts and service health alerts (e.g., from SCOM, Azure Monitor) within defined SLAs, using structured workflows and escalation protocols.
  • Perform in-depth analysis of incidents escalated from Tier 1, determining impact, scope and severity based on contextual log correlation and system/user behaviour.
  • Contact users or asset owners (as needed) to gather context, confirm suspicious activity, or initiate response steps, using official communication channels and timelines.
  • Execute initial containment and remediation actions such as host isolation, user account lockdowns, or firewall rule updates, based on alert type and criticality.
  • Escalate complex or ambiguous incidents to Tier 3 with complete investigation context, artifacts, and documented evidence.
  • Respond to client or stakeholder queries within SLA using Teams, email or ticketing systems, ensuring traceable and professional communication.
  • Take ownership of assigned incidents from triage to closure, documenting all investigation steps, decisions, indicators, response actions and final resolution.
  • Apply appropriate classification to each alert or incident, following taxonomy and closure guidelines.
  • Identify and report recurring false positives, benign positives or detection gaps to senior analysts or engineering for potential tuning, suppression, or automation.
  • Provide input to improve detection rules and playbooks by flagging alert noise, detection gaps or process inefficiencies observed during investigations.
  • Assist in cross-case correlation efforts by linking related activity across systems, hosts or users that may indicate larger attack campaigns.
  • Participate in the testing and implementation of new tools, features or integrations; validate their behaviour in live environments as part of internal projects.
  • Perform cleanup and hygiene tasks across tools and ticketing systems, including queue management, alert deduplication or suppression handling as delegated.
  • Work with engineering or senior staff to troubleshoot minor tool issues, validate data sources and provide operational feedback for improvements.
  • Maintain up-to-date documentation of recurring issues, workarounds and investigation patterns that help improve team knowledge and efficiency.
  • Follow all internal policies, compliance requirements and operational procedures as defined by SOC governance.
  • Carry out any additional tasks assigned by Senior analysts or SOC leadership in support of continuous improvement, coverage or client satisfaction.
  • Consistently meet all defined SOC KPIs and SLAs to ensure reliable, high-quality operational performance.
  • Maintain full adherence to internal SOC policies, procedures and compliance requirements.
  • Support SOC and IT teams proactively, delivering at least one meaningful improvement to a security tool, detection, or workflow.
  • Continuously monitor Microsoft Defender Threat Analytics and other internal threat intelligence platforms to stay informed on active campaigns and trends.
  • Contribute to the SOC Knowledge Base by regularly updating, creating or archiving documentation to ensure accuracy and relevance.
  • Strengthen technical expertise by completing one cybersecurity-related course and earning an intermediate/associate-level certification, as agreed with the SOC Team Lead / SOC Manager.
  • Develop deep understanding of all security tools and technologies used in the SOC, including hands-on familiarity with their use cases and limitations.
  • Actively use the organization's learning platform to complete relevant self-study modules focused on SOC technologies and operations.
  • Stay current on emerging threats, vulnerabilities, and campaigns by subscribing to cybersecurity newsletters, RSS feeds, and vendor updates.

Qualifications

  • Strong knowledge of networking: TCP/IP and routing protocols.
  • Knowledge of Microsoft Server and adjacent products, including Microsoft Windows OS and Server, Microsoft Exchange Online, Azure Cloud environment, Microsoft 365 services, Defender Suite, Intune, Conditional Access.
  • Microsoft Office Suite skills, proficiency especially in Word, Outlook and Excel.
  • Good to have one of the following certifications: CCNA, CCNP, SC-200, AZ-*, SC-*, CompTIA Security+, CEH, OffSec.
  • Good knowledge about Kerberos, SAML authentication protocols and other authentication technologies.
  • Customer-oriented attitude for understanding the client’s demands.
  • Good time-management skills and open-minded attitude.
  • Good analytical skills and results-oriented thinking.
  • Team spirit with a proactive attitude.
  • Fluency in English.

Key skills/competency

  • Security Operations
  • Incident Response
  • SIEM Analysis
  • Network Security
  • Azure Security
  • Microsoft Defender
  • Threat Intelligence
  • Log Correlation
  • Documentation
  • IT Infrastructure Security

How to Get Hired at Modular Services

  • Research Modular Services' culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Customize your application to highlight experience in SecOps, incident response, SIEM, and Microsoft security technologies.
  • Showcase technical expertise: Emphasize your knowledge of networking, Azure, Microsoft 365, and Defender Suite.
  • Prepare for incident scenario questions: Be ready to discuss your approach to triage, analysis, containment, and remediation of security incidents.
  • Demonstrate proactive learning: Highlight any relevant cybersecurity certifications or ongoing efforts to stay current with threats and technologies.