Monitor security alerts and logs from various sources such as SIEM, IDS/IPS, firewalls, and endpoint protection platforms.
Analyze and investigate potential security incidents to determine impact and root cause.
Perform initial triage and escalation of security events according to defined procedures.
Collaborate with IT and security teams to contain, remediate, and recover from security incidents.
Conduct vulnerability assessments and support patch management processes.
Maintain documentation for incidents, investigations, and mitigation actions.
Develop and implement security monitoring rules and use cases to improve detection capabilities.
Participate in threat hunting and proactive security assessments.
Stay up-to-date with emerging threats, vulnerabilities, and security technologies.
Support compliance and audit requirements by providing necessary security reports and evidence.

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
2+ years of experience in security operations, incident response, or cybersecurity monitoring roles.
Hands-on experience with SIEM tools (e.g., Splunk, QRadar, ArcSight).
Familiarity with network security technologies (firewalls, IDS/IPS, VPN).
Knowledge of endpoint security solutions and malware analysis basics.
Understanding of security frameworks such as NIST, ISO 27001, or CIS Controls.
Strong analytical, problem-solving, and communication skills.
Ability to work in a 24x7 shift environment if required.

Certifications such as CEH, CompTIA Security+, GIAC GSEC, or CISSP (Associate).
Experience with threat intelligence platforms and automation tools (SOAR).
Knowledge of scripting languages (Python, PowerShell) for automation and analysis.
Familiarity with cloud security concepts and tools (AWS, Azure Security Center).
Experience with vulnerability management tools and processes.

Security Operations Analyst