SOC Analyst Level - 1

Blackford Technologies

We are seeking a motivated SOC Analyst L1 to serve as the first line of defense within a modern Security Operations Center. This role is responsible for real-time monitoring, initial alert triage, enrichment, and accurate escalation in accordance with established SOC procedures and response playbooks. The SOC Analyst L1 will work with SIEM, SOAR, EDR, and cloud security tools to identify potential security threats and ensure timely detection.

This position is ideal for individuals beginning their cybersecurity career who are eager to develop strong analytical and operational skills within a structured and supportive SOC environment. The Analyst will collaborate closely with L2 and L3 analysts, Detection Engineers, and Automation Engineers to ensure high-quality outcomes across investigations and daily operations.

• Monitor SIEM alerts, dashboards, and security event queues for suspicious activity.

• Perform initial triage using enrichment procedures, predefined playbooks, and documented SOPs.

• Classify alerts and escalate validated security events to SOC Analyst L2.

• Execute basic investigation steps using SIEM queries, EDR telemetry, and cloud security logs.

• Conduct routine SOC tasks such as tooling health checks, log ingestion verification, and shift handovers.

• Document incident details clearly, ensuring completeness and accuracy in the case management system.

• Support SOAR-driven automation workflows by validating automated outputs and providing feedback for improvement.

• Follow established response workflows and maintain adherence to SOC quality standards.

• Participate in ongoing training, shadowing, and capability development to advance toward L2 analyst responsibilities.

Role Requirements

• 0.5 2 years of experience in cybersecurity or IT operations (SOC experience is a plus).

• Basic understanding of SIEM concepts, log types, and common security event flows.

• Familiarity with security tools such as Microsoft Sentinel, Microsoft Defender, Splunk, or equivalent SIEM/EDR platforms.

• Understanding of Windows/Linux fundamentals, networking basics, and common attack vectors.

• Strong analytical skills, attention to detail, and willingness to learn.

• Ability to follow structured processes and escalate events appropriately.

• Certifications such as Security+, SC-900, or AZ-900 are beneficial but not required.

Technical Skills

• Platforms: Microsoft Sentinel (preferred), Splunk/Elastic familiarity

• Tools: Microsoft Defender, EDR consoles, basic SOAR output review

• Processes: Alert triage, enrichment, classification, escalation

• Knowledge: Security fundamentals, MITRE ATT&CK basics, networking basics

Why Join Us

• Begin your cybersecurity career in a structured and supportive SOC environment.

• Work with a modern toolset including SIEM, SOAR, EDR, and cloud security platforms.

• Receive continuous training, mentoring, and development aligned to SOC career progression.

• Clear pathway to SOC Analyst L2 and specialised roles (Detection, DFIR, Threat Hunting, Automation).

• Join a collaborative and high-performance security organisation focused on growth and capability maturity.