What You’ll Do (Core Responsibilities)

📍24/7 monitoring and alert triage across SIEM/EDR/cloud security tooling; identify false positives vs. credible threats and set appropriate severity. 📍Initial investigation and enrichment: gather relevant logs/telemetry, add context, and document findings clearly in the case/ticketing system. 📍Escalation and coordination: escalate confirmed/suspected incidents quickly and cleanly to L2/IR with a complete handoff (timeline, scope, IOCs, actions taken). 📍Runbook execution: follow SOPs for common events (phishing, suspicious logins, endpoint detections, cloud key/token risk, malware alerts, data exfiltration signals), including containment actions you’re authorized to perform. 📍Threat-aware analysis: map alerts to adversary behaviors (e.g., MITRE ATT&CK techniques) to improve understanding and escalation quality. 📍Operational hygiene: maintain accurate shift handovers, update watchlists and investigation notes, and identify recurring alert patterns for tuning recommendations.

What We’re Looking For (Minimum Qualifications)

📍0–2 years in a SOC / security monitoring / IT operations role (or equivalent hands-on experience, internships, labs). 📍Practical knowledge of security fundamentals: networking, DNS, HTTP(S), identity/authentication, and malware basics. 📍Familiarity with log investigation and event triage concepts. 📍Familiarity with common security tools and workflows (any of the following): SIEM (Splunk/Elastic/Sentinel), EDR (CrowdStrike/Defender), ticketing (Jira/ServiceNow), basic SOAR concepts. 📍Strong written communication: produce clear, escalation-ready tickets and timelines. 📍Ability to work rotating shifts/on-call (as required), including weekends/holidays depending on coverage model.

If you’re passionate about blockchain and decentralized technologies, explore more opportunities in web3 and cryptocurrency careers.