Information Security Analyst

·       Monitor information security events via SIEM systems.

·       Detect anomalous activity, potential threats, and policy violations.

·       Perform triage and escalate incidents following response playbooks.

·       Conduct incident analysis: assess risk, identify threat sources, and determine impact.

·       Investigate incidents across categories: malware, phishing, data breaches, insider threats.

·       Support incident containment, eradication, and recovery processes.

·       Hunt for indicators of compromise (IoCs, TTPs) using the MITRE ATT&CK framework.

·       Analyze logs from network devices, endpoints, servers, and cloud platforms.

·       Filter false positives and fine-tune correlation rules.

·       Maintain incident records and prepare investigation timelines and reports.

·       Deliver regular reports on security posture and threat trends.

·       Recommend improvements to detection logic, playbooks, and response workflows.

·       Test and integrate new data sources with SIEM/SOAR platforms.

·       Collaborate with IT, DevOps, and infrastructure teams to contain and resolve threats.

Escalate advanced cases to senior analysts or security engineers.

·       Minimum 3 years of hands-on experience in a Security Operations Center (SOC) or similar cybersecurity analyst role.

·       Proven experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, ArcSight) for event monitoring and investigation.

·       Practical skills in incident triage, alert validation, and escalation using defined playbooks.

·       Solid understanding of incident response processes, including containment, eradication, and recovery.

·       Experience in root cause analysis and identifying threat vectors in real-world incidents.

·       Proficiency in threat hunting and working with IoCs, TTPs, and the MITRE ATT&CK framework.

·       Competence in log analysis from firewalls, IDS/IPS, endpoints, servers, and cloud platforms (e.g., Azure, AWS).

·       Experience in tuning detection rules and improving correlation logic to reduce false positives.

·       Awareness of modern cyber threats, malware behavior, and threat intelligence fundamentals.

·       Familiarity with SOAR and EDR platforms and automated response workflows.

·       Understanding of cloud security and vulnerability management.

·       Bachelor’s degree in computer science, cybersecurity, cnformation technology, or a related field is required.

·       Master's degree or industry certifications (e.g., CompTIA Security+, CEH, GCIA, GCIH) are a strong plus.