Role Description Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Coretek and its customers. The Cyber Security Analyst Level 1 (SOC Analyst L1) is an entry-level role responsible for the initial detection, triage, and response to security alerts. This includes: - Monitoring security tools - Performing basic analysis to identify false positives - Following predefined playbooks for initial response - Escalating complex or high-priority incidents to Level 2 analysts with detailed documentation Analysts will leverage SIEM/SOAR platforms, cyber case management, and supplementary tools to investigate, contain, and remediate cyber security incidents. The role requires a drive to learn and grow as the industry and Coretek evolve rapidly. Coretek recognizes candidates may lack some skills for this unique service provider role and will train and develop the right fit. Desire to learn and collaborate within a team is essential. Skills from other disciplines demonstrate adaptability and are welcome. Formal education or self-taught backgrounds are valued. Structured training and on-the-job experience will prepare analysts for the complex requirements and fast-paced environment of a service provider. Analysts must adapt to industry changes. Qualifications - Familiarity with SIEM (e.g., Elastic, Splunk, QRadar), firewalls, IDS/IPS, and endpoint tools - Basic knowledge of networking like TCP/IP, DNS, VPN, and protocols (HTTP, FTP) - Awareness of common threats (phishing, malware, DDoS) and attack vectors - Ability to triage alerts, separating false positives from real threats - Skill in following playbooks and SOPs for initial response and remediation - Strong attention to detail for monitoring events and spotting anomalies - Clear documentation of incidents, timestamped for audits or escalations - Effective communication to report findings and escalate to Level 2 - Team collaboration, especially in incident scenarios - Handle multiple tasks in a high-pressure, dynamic environment - Willingness for 24/7 shifts, including nights and weekends - Sense of urgency and duty in incident response - Composure under pressure during active incidents Requirements - Monitor alerts from SIEM, firewalls, IDS/IPS, and other systems to spot incidents - Triage alerts by severity, impact, and urgency using set criteria - Collect initial alert details like source, target, timestamp, and logs - Use playbooks and SOPs for preliminary analysis to check for false positives or escalation needs - Perform containment actions per playbooks, such as blocking IPs or isolating systems - Verify remediation effectiveness and document actions with timestamps - Collaborate with teams to solve blockers innovatively - Escalate advanced incidents based on severity, impact, or complexity thresholds - Provide detailed logs, analysis, and context for smooth handoff to Level 2 - Notify Level 2 or response teams quickly, noting urgency and risks - Document incidents accurately per SOC standards, including alerts and outcomes - Keep records organized, timestamped, and accessible for audits - Update supervisors and Level 2 on status, key findings, and actions needed Benefits - Structured training and on-the-job experience Shift Specifics - 7 a.m. - 7 p.m. Mon-Tues-Wed - 7 a.m. - 7 p.m. Sun-Mon-Tues every third or 4th week Education and Training - Degree in cybersecurity, IT, related field preferred, or equivalent experience - Entry-level certs like CompTIA Security+, Cisco CCNA, or equivalent experience - Security certifications desired