Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Coretek and its customers. The Cyber Security Analyst Level 1 (SOC Analyst L1) is an entry-level role responsible for the initial detection, triage, and response to security alerts. This includes monitoring security tools, performing basic analysis to identify false positives, following predefined playbooks for initial response, and escalating complex or high-priority incidents to Level 2 analysts with detailed documentation. Analysts will leverage SIEM/SOAR platforms, cyber case management, and supplementary tools to investigate, contain, and remediate cyber security incidents. The role requires a drive to learn and grow as the industry and Coretek evolve rapidly.
Coretek recognizes candidates may lack some skills for this unique service provider role and will train and develop the right fit. Desire to learn and collaborate within a team is essential. Skills from other disciplines demonstrate adaptability and are welcome. Formal education or self-taught backgrounds are valued. Structured training and on-the-job experience will prepare analysts for the complex requirements and fast-paced environment of a service provider. Analysts must adapt to industry changes.
ESSENTIAL FUNCTIONS:
- Monitor alerts from SIEM, firewalls, IDS/IPS, and other systems to spot incidents
- Triage alerts by severity, impact, and urgency using set criteria
- Collect initial alert details like source, target, timestamp, and logs
- Use playbooks and SOPs for preliminary analysis to check for false positives or escalation needs
- Perform containment actions per playbooks, such as blocking IPs or isolating systems
- Verify remediation effectiveness and document actions with timestamps
- Collaborate with teams to solve blockers innovatively
- Escalate advanced incidents based on severity, impact, or complexity thresholds
- Provide detailed logs, analysis, and context for smooth handoff to Level 2
- Notify Level 2 or response teams quickly, noting urgency and risks
- Document incidents accurately per SOC standards, including alerts and outcomes
- Keep records organized, timestamped, and accessible for audits
- Update supervisors and Level 2 on status, key findings, and actions needed