SOC Analyst-Tier 1 (R-00068)
True Zero TechnologiesSalary not specified
- Full Time
- Junior (1 to 2 years)
Not SpecifiedCompensation
Junior (1 to 2 years)Experience Level
Full TimeJob Type
UnknownVisa
CybersecurityIndustries
Requirements
Candidates should possess 1–3 years of hands-on SOC experience performing alert triage, incident handling, and first-responder containment while working daily with SIEM/SOAR, EDR, IDS/IPS, firewalls/proxies, email-security tools, and deep log analysis. Practical knowledge of Windows, macOS, and Linux internals and logging (Event Logs, Sysmon, auditd, etc.) is required, along with a solid grasp of TCP/IP, OSI layers, and common protocols (HTTP/S, DNS, SMTP). Proficiency with search/query languages (LQL, SPL, KQL, SQL etc.) to enrich alerts and investigate indicators, mapping findings to MITRE ATT&CK techniques is also necessary.
Responsibilities
The Incident Response Analyst will provide continuous coverage for SIEM/SOAR, EDR, network, cloud, and email-security consoles; rapidly validate alerts, enrich with context, suppress false positives, and act on confirmed threats. They will gather evidence from logs, host telemetry, and threat-intel feeds to determine scope, severity, and business impact, execute pre-approved playbook actions (host isolation, account disablement, phishing-email purge, firewall block, etc.) and confirm containment success. The Analyst will escalate high-severity or complex incidents to senior analysts/IR leadership, providing concise incident summaries and proposed mitigation steps while staying engaged through resolution. They will consistently meet or exceed response-time targets for critical and high-urgency tickets, record investigative steps, evidence, and decisions in the ticketing system; deliver clear shift-handoff notes to support 24x7 operations, identify noisy rules, false-positive trends, blind spots, or missing log sources; collaborate on custom detections and log-source onboarding to improve alert fidelity, and participate in the refinement of existing runbooks, draft new ones, and champion automation opportunities that reduce analyst toil.
Skills
Incident Response
Alert Investigation
Live Response
Containment
Endpoint Telemetry
Log Analysis
Security Operations
Threat Detection
Malware Analysis
Crowdstrike
Cloud-native endpoint security solutions provider
About Crowdstrike
CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.
Key Metrics
Austin, TexasHeadquarters
2011Year Founded
$468MTotal Funding
IPOCompany Stage
Enterprise Software, CybersecurityIndustries
5,001-10,000Employees