SOC Analyst I (Remote)

About the Role:

The SOC Analyst I is responsible for monitoring, analyzing, and responding to security alerts and incidents within the Security Operations Center. This role serves as the first line of defense, identifying potential threats, conducting initial investigations, and escalating incidents in accordance with defined procedures. While the SOC Analyst I operates within established playbooks and workflows, the role requires analytical thinking, technical judgment, and the ability to assess risk and impact in real time.

What You'll Do:

• Monitor and analyze security alerts and events generated by SIEM, EDR, IDS/IPS, firewall, and cloud security tools to identify potential security incidents and determine appropriate response actions. 
• Perform initial triage and investigation of security events, assessing severity, scope, and potential business impact using defined escalation criteria and professional judgment. 
• Execute initial containment and remediation actions in accordance with established incident response playbooks, including account containment, endpoint isolation, and malicious artifact blocking, while ensuring actions are documented. 
• Analyze security logs and telemetry across endpoints, servers, network devices, and cloud environments to identify anomalies, suspicious behavior, or indicators of compromise. 
• Investigate phishing and email-based threats, including header analysis, link inspection, and attachment detonation, and recommend appropriate response actions. 
• Document incident details, investigation steps, and outcomes in ticketing systems and case management platforms to ensure accurate records and effective handoff to Tier 2 analysts. 
• Collaborate with senior SOC analysts, incident response teams, and engineering resources to support deeper investigations, remediation activities, and incident resolution.
• Support IT Leadership in providing information as it relates to security and compliance topics.
• Maintain awareness of emerging threats, vulnerabilities, and attacker techniques, and contribute observations or improvement suggestions related to detections and response processes. 

Qualifications:

• 2+ years of experience in a Security Operations Center, IT security role, helpdesk, or technical support environment.
• Familiarity with security monitoring tools such as SIEM platforms (e.g., Splunk, Sentinel) and EDR solutions (e.g., CrowdStrike, SentinelOne).
• Basic understanding of networking concepts, including TCP/IP, DNS, firewalls, and common protocols.
• Knowledge of common cyber threats and attack vectors, such as phishing, malware, credential compromise, and ransomware.
• Experience using ITSM or ticketing systems (e.g., ServiceNow, ConnectWise, FreshService).
• Ability to analyze alerts and technical data, apply judgment, and follow defined escalation procedures.
• Strong written and verbal communication skills, with an emphasis on clear documentation.
• Associate degree in cybersecurity, information technology, or a related field, or equivalent practical experience.

Preferred

• Bachelor’s degree in cybersecurity, information systems, or a related discipline, or equivalent work experience.
• Industry certifications such as CompTIA Security+.
• Experience working in a Managed Services Provider (MSP) or customer-facing security environment.
• Familiarity with security frameworks and methodologies such as NIST, MITRE ATT&CK, or CIS Controls.
• Exposure to cloud security concepts or tools (e.g., Azure, AWS, M365 security).