SOC Analyst-Tier 1 (R-00068)
True Zero Technologies - Full Time
- Junior (1 to 2 years)
Candidates should possess 1–3 years of hands-on SOC experience performing alert triage, incident handling, and first-responder containment while working daily with SIEM/SOAR, EDR, IDS/IPS, firewalls/proxies, email-security tools, and deep log analysis. Practical knowledge of Windows, macOS, and Linux internals and logging (Event Logs, Sysmon, auditd, etc.) is required, along with a solid grasp of TCP/IP, OSI layers, and common protocols (HTTP/S, DNS, SMTP). Proficiency with search/query languages (LQL, SPL, KQL, SQL, etc.) to enrich alerts, investigate indicators, and map findings to MITRE ATT&CK techniques is also necessary.
The Incident Response Analyst will provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles; rapidly validate alerts, enrich them with context, suppress false positives, and act on confirmed threats. They will gather evidence from logs, host telemetry, and threat-intel feeds to determine scope, severity, and business impact; execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.); and confirm containment success. The Analyst will escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps while staying engaged through resolution. They will consistently meet or exceed response-time targets for critical and high-urgency tickets; record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations; identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity; and participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.
Cloud-native endpoint security solutions provider
CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.