Ontrac Solutions is looking for a SOC Level 1 Analyst to join a cybersecurity operations team supporting large-scale enterprise infrastructure.
This role is ideal for someone with a solid cybersecurity foundation who wants hands-on exposure to modern SOC operations, incident monitoring, and enterprise-grade security tooling in a fast-paced, shift-based environment.
Conversational English Required
Key Responsibilities
Security Monitoring & Incident Triage
- Monitor alerts across SIEM, EDR, Microsoft Defender, Threat Intelligence, and other SOC platforms
- Identify suspicious activities including phishing attempts, malware, brute-force attacks, unauthorized access, and abnormal behavior
- Perform first-level triage and validation of security alerts
- Differentiate false positives from legitimate security incidents requiring escalation
- Analyze logs and events from firewalls, IDS/IPS, IAM, endpoints, applications, and integrated security systems
- Correlate events from multiple sources to support initial investigations
Incident Documentation & Escalation
- Collect and document indicators of compromise (IoCs) such as IP addresses, domains, file hashes, and timestamps, together with the supporting evidence (log excerpts, alert details, affected hosts and accounts)
- Create, update, and maintain structured incident tickets and investigation notes
- Escalate validated or high-risk incidents to SOC L2 teams in line with operational procedures
- Ensure proper incident follow-up and operational traceability
Operational Support
- Handle SOC requests received through email, SOAR, ServiceNow, or other operational channels
- Perform daily health checks across security monitoring platforms
- Identify inactive or non-reporting assets and follow up with relevant infrastructure or support teams
- Participate in shift handovers and contribute to operational continuity across 24/7 coverage
- Support operational reporting related to alerts, escalations, SLA tracking, and incident trends
Continuous Improvement
- Identify recurring or noisy alerts impacting SOC efficiency
- Contribute recommendations for improving correlation rules, use cases, and operational procedures
- Support documentation updates and SOC process improvements
Qualifications
- Good understanding of cybersecurity fundamentals and SOC operations
- Basic knowledge of networking, systems administration, identity management, cloud environments, and security monitoring tools
- Ability to read, analyze, and document security alerts and logs
- Strong attention to detail and ability to follow operational procedures under pressure
- Good written communication and reporting skills
- Ability to work in a shift-based 24/7 operational environment
Nice to Have
- Exposure to SIEM, EDR, Microsoft Defender, SOAR, or ServiceNow environments
- Previous experience in a SOC, NOC, or cybersecurity monitoring role
- Certifications such as:
  - CompTIA Security+
  - Microsoft SC-200
  - Google SecOps
  - or equivalent cybersecurity certifications
What We Offer
- Exposure to enterprise-scale cybersecurity operations
- Hands-on experience with modern SOC tooling and processes
- Opportunity to grow within cybersecurity operations and incident response environments
- Structured onboarding and continuous learning opportunities
- Collaborative and fast-paced operational environment