Engineer - Monitoring, Event Monitoring
Administration
Job Summary
The SIEM L1 Analyst is responsible for real-time monitoring, initial analysis, and triaging of security alerts generated by SIEM platforms. The role forms the first line of defense in a SOC, ensuring timely detection and escalation of potential security incidents.
Key Responsibilities
• Monitor SIEM dashboards for security alerts and events on a 24×7 basis
• Perform initial triage and analysis of alerts to identify potential threats
• Classify and prioritize incidents based on severity and impact
• Escalate confirmed or suspicious incidents to L2/L3 teams as per SOP
• Follow standard operating procedures (SOPs) and playbooks for incident handling
• Review logs from multiple sources:
  o Servers (Windows/Linux)
  o Network devices (Firewall, IDS/IPS)
  o Applications and cloud platforms
• Identify false positives and fine-tune alerts (as applicable)
• Document incidents, actions taken, and findings in ticketing systems
• Generate daily/weekly security monitoring reports
• Ensure adherence to SLA and response timelines
Skill Requirements
Technical Skills Required
SIEM Tools
• Hands-on experience with or exposure to at least one of:
  o Microsoft Sentinel
  o Splunk
  o IBM QRadar
  o ArcSight
Core Security Fundamentals
• Basic understanding of:
  o Cybersecurity concepts (CIA triad, threat landscape)
  o Security events vs. incidents
  o Common attack vectors (phishing, malware, brute force, etc.)
• Knowledge of log analysis and correlation
Other Requirements
Networking & Systems
• Basic networking knowledge (TCP/IP, DNS, HTTP, VPN)
• Understanding of Windows/Linux logs and event IDs
Other Tools
• Familiarity with ticketing tools (ServiceNow, Remedy, Jira)
• Basic knowledge of endpoint security tools and antivirus logs
Why HCLTech?
At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.
HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.