
SOC/NOC Tier 1 Analyst

CÔNG TY TNHH GALAXY DIGITAL HOLDINGS

Galaxy Innovation Hub - D1 Road, Hi-Tech Park, District 9, HCMC.

Posted date:

Job level

Experienced (Non - Manager)

Salary

Job Descriptions

Role Overview:

The next-generation SOC/NOC Tier 1 analyst is the first line of defense in the security and operations monitoring model, working on alerts that have already been pre-processed by AI (AI-triaged alerts).
The role focuses on validating those alerts, classifying them accurately, reducing false positives, and ensuring correct escalation to the Tier 2/3 teams.

Key Responsibilities:

Monitoring & Handling AI-Triaged Alerts:

  • Monitor and handle SOC/NOC alerts that have been preliminarily classified by AI.
  • Re-check the accuracy of:
    • Security alerts
    • Operational alerts
  • Determine the severity level (Severity Validation).
  • Perform triage according to standardized playbooks.
  • Escalate critical events to the Tier 2 or Incident Response (IR) team.

False Positive Validation:

  • Analyze logs and perform event correlation to determine:
    • False Positive
    • Benign True Positive
    • Malicious Activity
  • Compare findings with the system baseline.
  • Record notes and update information to support detection tuning.
  • Collaborate with Detection Engineers to improve detection rules.

SIEM System Usage & Operations:

  • Be proficient in using Elasticsearch within a SIEM environment.
  • Query logs using:
    • KQL / DSL queries
  • Review:
    • Authentication logs
    • Network logs
    • Application logs
  • Search for Indicators of Compromise (IOC) and abnormal patterns.
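The two sections above (False Positive Validation and SIEM System Usage) describe one workflow: pull the raw events behind an AI-triaged alert, re-count them against the rule's own threshold and the system baseline, and then classify the alert as False Positive, Benign True Positive or Malicious before escalating. The script below is an added worked example written for this page; it is not code from the job posting or from the employer. The authentication events, the AI alerts, the baseline of authorised scanners, the 10-failures-in-5-minutes rule and all IP addresses and user names are constructed for illustration, and the ECS-style field names (source.ip, user.name, event.outcome) are an assumption about how the index is mapped.

```python
"""Tier 1 triage helper: re-validate AI-triaged brute-force alerts against raw
authentication logs and classify each one.

Added example for illustration only. Every IP address, user name, alert and
baseline entry is constructed; the threshold/window mimic a typical rule.
"""
from datetime import datetime, timedelta

THRESHOLD = 10                 # rule intent: >= 10 *failed* logins per source.ip ...
WINDOW = timedelta(minutes=5)  # ... within any 5-minute window

# Constructed baseline: hosts that are expected to generate failed logins.
BASELINE = {"authorized_scanners": {"10.0.9.9"}}


def make_events(ip, start, outcomes, users):
    """Build ECS-style auth documents, one every 10 seconds (constructed data)."""
    t0 = datetime.fromisoformat(start)
    return [{"@timestamp": (t0 + timedelta(seconds=10 * i)).isoformat(),
             "source": {"ip": ip}, "user": {"name": u}, "event": {"outcome": o}}
            for i, (o, u) in enumerate(zip(outcomes, users))]


AUTH_EVENTS = (
    # Authorised vulnerability scanner: a real brute-force pattern, but expected.
    make_events("10.0.9.9", "2024-05-01T08:00:00", ["failure"] * 12,
                ["root", "admin", "backup"] * 4)
    # Service account: the AI counted all 12 auth events, but only 4 failed.
    + make_events("10.0.5.20", "2024-05-01T08:10:00",
                  ["failure"] * 4 + ["success"] * 8, ["svc-backup"] * 12)
    # Unknown external address: password spraying followed by a successful login.
    + make_events("203.0.113.45", "2024-05-01T08:20:00",
                  ["failure"] * 11 + ["success"], ["admin", "jsmith", "it-ops"] * 4)
)

# Constructed AI-triaged alerts as they might arrive in the Tier 1 queue.
AI_ALERTS = [
    {"id": "A-1", "source_ip": "10.0.9.9", "ai_severity": "high"},
    {"id": "A-2", "source_ip": "10.0.5.20", "ai_severity": "high"},
    {"id": "A-3", "source_ip": "203.0.113.45", "ai_severity": "medium"},
]


def es_query(ip, start, end):
    """Elasticsearch Query DSL body to pull the raw events behind an alert.

    Equivalent KQL in Kibana Discover: source.ip:"<ip>" (plus the time picker).
    """
    return {"query": {"bool": {"filter": [
                {"term": {"source.ip": ip}},
                {"range": {"@timestamp": {"gte": start, "lte": end}}}]}},
            "sort": [{"@timestamp": "asc"}], "size": 500}


def max_failures_in_window(times, window):
    """Largest number of failures inside any sliding window of the given length."""
    ts = sorted(times)
    best = j = 0
    for i, t in enumerate(ts):
        while ts[j] < t - window:   # drop failures older than the window
            j += 1
        best = max(best, i - j + 1)
    return best


def validate_alert(alert, events, baseline, threshold=THRESHOLD, window=WINDOW):
    """Re-check an AI-triaged alert against the raw logs and the baseline."""
    ip = alert["source_ip"]
    mine = sorted((e for e in events if e["source"]["ip"] == ip),
                  key=lambda e: e["@timestamp"])
    failures = [e for e in mine if e["event"]["outcome"] == "failure"]
    fail_times = [datetime.fromisoformat(e["@timestamp"]) for e in failures]
    peak = max_failures_in_window(fail_times, window)
    last_fail = max(fail_times, default=None)
    success_after = bool(last_fail) and any(
        e["event"]["outcome"] == "success"
        and datetime.fromisoformat(e["@timestamp"]) > last_fail for e in mine)
    result = {"alert": alert["id"], "source_ip": ip, "failures_in_window": peak,
              "distinct_users": len({e["user"]["name"] for e in failures}),
              "success_after_failures": success_after}
    if peak < threshold:          # the rule's own condition is not actually met
        result.update(classification="False Positive", severity="informational",
                      action="close; tuning note: count failures only, not all auth events")
    elif ip in baseline["authorized_scanners"]:
        result.update(classification="Benign True Positive", severity="low",
                      action="close; propose exclusion for authorised scanners")
    else:
        result.update(classification="Malicious",
                      severity="critical" if success_after else "high",
                      action="escalate to IR" if success_after else "escalate to Tier 2")
    return result


def triage_all(alerts=AI_ALERTS, events=AUTH_EVENTS, baseline=BASELINE):
    """Validate every queued alert; returns {alert id: result}."""
    return {a["id"]: validate_alert(a, events, baseline) for a in alerts}


if __name__ == "__main__":
    for r in triage_all().values():
        print(r)
```

The point for a Tier 1 analyst is the order of the checks: first confirm that the rule's own condition really holds in the raw logs (A-2 fails this and is a False Positive, with a note for the Detection Engineers), then compare against the baseline (A-1 is a genuine pattern from an authorised source, so a Benign True Positive), and only then treat the rest as Malicious, raising the severity and routing to IR rather than Tier 2 when a success follows the failures (A-3). Note that the AI's own severity is never trusted directly; it is only one input.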

Required Foundational Knowledge:

Computer Networking

  • TCP/IP, OSI model
  • DNS, HTTP/HTTPS, SMTP
  • Firewall, IDS/IPS
  • VPN, NAT

Network Security

  • Brute force attacks
  • Port scanning
  • Lateral movement
  • C2 traffic
  • Basic threat patterns

Application Security

  • Understanding of the OWASP Top 10.
  • Ability to identify:
    • SQL Injection
    • Cross-Site Scripting (XSS)
    • Broken Authentication
    • Remote Code Execution (RCE)
  • Ability to read and understand application logs related to security vulnerabilities.

Job Requirement

Experience

  • Students or graduates majoring in Information Security or Information Technology are preferred.
  • Having personal hands-on labs or practical security environments is an advantage.

Technical Skills

  • Ability to use SIEM tools (Elasticsearch is a plus).
  • Ability to read and analyze basic logs.
  • Ability to write log search queries.
  • Understanding of basic Incident Response processes.
  • Strong analytical thinking and the ability to avoid “blind trust” in AI outputs.

Soft Skills

  • Careful and detail-oriented.
  • Critical thinking mindset.
  • Ability to work in shifts (shift-based).
  • Clear documentation and reporting skills.

Proposed KPIs:

  • False Positive validation accuracy ≥ 95%.
  • Mean time to acknowledge (MTTA) and average alert handling time.
  • Correct escalation rate.
  • Number of rule improvement proposals per quarter.
  • Compliance with established processes and playbooks.

Benefits:

  • Competitive salary package (Base salary and performance bonuses).
  • Probation period salary is 100% of the official salary.
  • Comprehensive health and accident insurance.
  • 15 days of annual leave, 3 remote work days per month.
  • Provision of work equipment (Macbook/ Laptop, mouse, monitor, etc.).
  • A creative and modern working environment.

More Information

  • Degree: Bachelor
  • Age: Unlimited
  • Type of employment: Permanent


CareerViet.vn - The largest job and recruitment network in the world

Công Ty Cổ Phần CareerViet, head office: 139 Pasteur, Võ Thị Sáu Ward, District 3, Ho Chi Minh City

Tax code: 0303284985. Date issued: 25/04/2013. Issued by: Ho Chi Minh City Department of Planning and Investment. Phone: (84.28) 3822-6060. Email: contact@careerviet.vn