SOC LEVEL 1 ANALYST

Ontrac Solutions is looking for a SOC Level 1 Analyst to join a cybersecurity operations environment supporting large-scale enterprise infrastructure and security operations.

This role is ideal for someone with a solid cybersecurity foundation who wants hands-on exposure to modern SOC operations, incident monitoring, and enterprise-grade security tooling in a fast-paced operational environment.

Conversational English Required

• Monitor alerts across SIEM, EDR, Microsoft Defender, Threat Intelligence, and other SOC platforms
• Identify suspicious activities including phishing attempts, malware, brute-force attacks, unauthorized access, and abnormal behavior
• Perform first-level triage and validation of security alerts
• Differentiate false positives from legitimate security incidents requiring escalation
• Analyze logs and events from firewalls, IDS/IPS, IAM, endpoints, applications, and integrated security systems
• Correlate events from multiple sources to support initial investigations

• Collect and document indicators of compromise (IoCs), IP addresses, hashes, timestamps, and relevant evidence
• Create, update, and maintain structured incident tickets and investigation notes
• Escalate validated or high-risk incidents to SOC L2 teams in line with operational procedures
• Ensure proper incident follow-up and operational traceability

• Handle SOC requests received through email, SOAR, ServiceNow, or other operational channels
• Perform daily health checks across security monitoring platforms
• Identify inactive or non-reporting assets and follow up with relevant infrastructure or support teams
• Participate in shift handovers and contribute to operational continuity across 24/7 coverage
• Support operational reporting related to alerts, escalations, SLA tracking, and incident trends

• Identify recurring or noisy alerts impacting SOC efficiency
• Contribute recommendations for improving correlation rules, use cases, and operational procedures
• Support documentation updates and SOC process improvements

• Good understanding of cybersecurity fundamentals and SOC operations
• Basic knowledge of networking, systems administration, identity management, cloud environments, and security monitoring tools
• Ability to read, analyze, and document security alerts and logs
• Strong attention to detail and ability to follow operational procedures under pressure
• Good written communication and reporting skills
• Ability to work in a shift-based 24/7 operational environment

• Exposure to SIEM, EDR, Microsoft Defender, SOAR, or ServiceNow environments
• Previous experience in a SOC, NOC, or cybersecurity monitoring role
• Certifications such as:
  • CompTIA Security+
  • Microsoft SC-200
  • Google SecOps
  • or equivalent cybersecurity certifications

• Exposure to enterprise-scale cybersecurity operations
• Hands-on experience with modern SOC tooling and processes
• Opportunity to grow within cybersecurity operations and incident response environments
• Structured onboarding and continuous learning opportunities
• Collaborative and fast-paced operational environment