SOC Analyst - SIEM Tools

Title : SOC Analyst

Function : Cyber Security Operations / Managed Detection and Response (MDR)

Experience : 3-5 Years

Role Summary

The SOC Analyst serves as the primary technical interface between the client's onsite security team and the Managed Detection and Response (MDR) or Security Operations Center (SOC) teams, ensuring seamless integration and effective incident handling.

This role demands hands-on expertise in security platforms, particularly FortiSIEM and EDR solutions, combined with practical knowledge of network architecture, including firewall, switching, and routing configuration.

The analyst is critical for timely incident coordination, triage validation, and providing technical insights on threat trends and security posture enhancement.

Primary Responsibilities

• Act as the dedicated onsite point of contact for the customer, bridging technical communication between the client's IT teams and the Global SOC / MDR analysts during investigation and remediation phases.
• Coordinate and meticulously track the entire incident response lifecycle, including initial alert triage, technical validation of security incidents, evidence gathering, and timely escalation to L2 / L3 teams per established playbooks.
• Support the technical onboarding of new log sources (e.g., cloud flow logs, application logs, security appliance feeds) into the SIEM platform, ensuring proper parsing, normalization, and asset visibility updates for accurate correlation.
• Implement and validate necessary configuration changes within SIEM, SOAR, and MDR workflow platforms to optimize detection rules, suppression logic, and automated response capabilities.
• Perform in-depth technical review and validation of security alerts, incident tickets, and operational reports generated by the MDR platform, ensuring the accuracy of threat containment and investigation data.
• Provide actionable insights to customer stakeholders on emerging incident trends, evolving threat patterns, and the overall effectiveness of security controls during customer review meetings.
• Ensure immediate and timely technical communication of critical incidents (e.g., confirmed breaches, ransomware activity) to key internal and external stakeholders using predefined communication protocols.
• Maintain and technically update all operational documentation, including detailed investigation procedures, runbooks for automated workflows, and standardized reporting templates.
• Collaborate directly with customer IT / security teams during joint investigations, guide technical remediation efforts, and provide necessary evidence and reports for compliance and internal audits.
• Actively utilize FortiSIEM for advanced query writing, dashboard creation, and rule tuning, leveraging integrated EDR platforms to perform endpoint threat hunting and deeper root cause analysis.
• Install, configure, and manage high-availability firewalls (specifically FortiGate models), developing intricate security policies, VPNs, and traffic shaping rules to enforce stringent network protection.
• Demonstrate proficiency in secure switching and routing principles, ensuring that network architecture supports secure segmentation, access control lists (ACLs), and traffic flow efficiency for optimal security sensor placement.

Required Technical Skills

Preferred Skills :

(ref : hirist.tech)