SOC Analyst (T1)

  • On-site, Hybrid
  • Tehran, Tehrān, Iran, Islamic Republic of

Job description

As a SOC Analyst, you will be the first line of defense against cybersecurity threats, monitoring security events, investigating suspicious activities, and ensuring timely incident response. Working alongside experienced security professionals, you'll help strengthen Snapp’s security posture and contribute to maintaining a secure, resilient, and reliable platform for millions of users.

  • Monitor and analyze security events and alerts in real time, identifying suspicious activities and potential security incidents.

  • Perform the initial investigation, triage, and escalation of security incidents in accordance with established Incident Management Processes (IMP).

  • Continuously monitor security dashboards and operational tools to ensure the availability and effectiveness of 24/7 SOC operations.

  • Analyze network traffic, endpoint telemetry, and security logs to distinguish legitimate threats from false positives and support incident investigations.

  • Work with enterprise security technologies, including SIEM, Firewalls, IDS/IPS, Anti-Virus, Active Directory, and cloud security solutions.

  • Document security incidents, investigation findings, and operational procedures while maintaining accurate reporting throughout the incident lifecycle.

  • Collaborate with security engineers and cross-functional teams to improve detection capabilities, response processes, and operational efficiency.

  • Actively contribute to security projects, process improvements, and the continuous enhancement of SOC operations.

  • Take ownership of assigned investigations and operational responsibilities, ensuring timely execution and effective communication during security events.

Job requirements

  • At least 2 years of hands-on experience in cybersecurity, preferably within a Security Operations Center (SOC), CSIRT, CERT, or Incident Response environment.

  • Experience monitoring and investigating security alerts, performing incident triage, log analysis, and network traffic analysis.

  • Hands-on experience with Linux and Windows operating systems, including system administration fundamentals and security concepts.

  • Strong understanding of networking fundamentals, TCP/IP, common attack vectors, and enterprise security architectures.

  • Experience working with SIEM platforms, Firewalls, IDS/IPS, Active Directory, endpoint security solutions, and enterprise or cloud environments.

  • Familiarity with one or more programming or scripting languages such as Python or Go, along with working knowledge of Regular Expressions (RegEx).

  • Strong analytical, troubleshooting, and problem-solving skills with the ability to prioritize alerts and investigate complex security events.

  • Excellent communication skills and the ability to collaborate effectively within a fast-paced, shift-based operational environment.

  • Willingness to work rotating shifts as part of a 24/7 Security Operations Center.

Nice To Have

  • Industry certifications such as Security+, Network+, CEH, or SANS SEC504.

  • Familiarity with the NIST Incident Response Lifecycle, Cyber Kill Chain, and MITRE ATT&CK Framework.

  • Experience with Windows and Linux hardening, Sysmon, Auditd, SELinux, and endpoint monitoring technologies.

  • Knowledge of web application attacks, cryptography, threat hunting methodologies, and adversary tactics and techniques.

  • Previous experience working in large-scale enterprise or cloud-based security environments.