L1 SOC Analyst

Apply Closing Date: July 31, 2026

The L1 SOC Analyst serves as the first line of cybersecurity defense by monitoring, triaging, and escalating security alerts across multiple clients and environments. This role ensures timely detection, documentation, and escalation of potential security incidents while maintaining high service delivery standards and adhering to SOC processes and SLAs.

  • Monitor SIEM alerts and dashboards on time
  • Perform in-depth investigation and classification of alerts
  • Escalate incidents to L2 SOC Analysts
  • Document incidents and maintain shift logs
  • Follow SOC runbooks and escalation matrix
  • Conduct log searches and IOC checks
  • Support basic response actions as guided
  • SOAR playbook enrichment & automation tuning
  • Understanding of cybersecurity concepts
  • Familiarity with SIEM/SOAR tools (Microsoft Sentinel, QRadar, Elastic, Splunk)
  • Familiarity with MITRE ATT&CK, log analysis, scripting (preferred)
  • Basic knowledge of Windows/Linux logs
  • Networking fundamentals (TCP/IP, VPN, DNS)
  • Query language knowledge (KQL, AQL)
  • Proactive threat hunting skills are a plus
  • SOAR playbook design and creation is a plus
  • Analytical mindset and attention to detail
  • Flexible to learn new things
  • Good communication & documentation skills
  • Ability to work under pressure and follow procedures

Preferred:

  • 1–3 years of cybersecurity or IT security experience
  • Degree in IT/Cybersecurity or equivalent
  • Certifications: Security+, SC‑900/SC‑200, CCNA CyberOps, CEH (Plus)
  • Proficiency in Arabic (both written and verbal) is required
  • 24/7 rotating shifts
  • Weekend/holiday coverage as per schedule