**Introduction** We are looking for an L1 SOC Analyst (Threat Monitoring) to join our Security Operations Center (SOC) team. As an L1 Analyst, you will play a crucial role in monitoring, analyzing, and responding to security alerts, ensuring swift incident detection and escalation. This is an exciting opportunity for those who want to build a career in cybersecurity while working with cutting-edge security tools and methodologies. **Your role and responsibilities** * Monitor security alerts in real-time from SIEM and other security tools. * Perform Level 1 triage of security incidents by analyzing logs, network traffic, and endpoint events. * Investigate suspicious activity and escalate security events according to SOC guidelines. * Analyze and correlate security data from multiple sources to identify potential threats. * Coordinate with Level 2 and Level 3 analysts for complex investigations. * Escalate high-priority incidents and provide detailed incident reports. * Monitor the health of SIEM alerts and dependencies to ensure continuous security monitoring. * Assist in forensic investigations by gathering relevant security logs and evidence. * Identify and report false positives to fine-tune security monitoring rules. * Work within a ticketing system to document findings, actions, and resolutions. * Provide security recommendations for improving detection capabilities and security policies. * Support compliance and audit activities by maintaining security logs and incident documentation. **Required technical and professional expertise** * Basic to Intermediate knowledge of network security, TCP/IP, and troubleshooting. * Familiarity with SIEM platforms such as IBM QRadar, Splunk, ArcSight, Microsoft Sentinel, or LogRhythm. * Understanding of log analysis and ability to interpret system, network, and security logs. * Knowledge of firewalls, IDS/IPS, endpoint security, and anti-malware solutions. * Familiarity with MITRE ATT&CK Framework for understanding adversary tactics and techniques. * Basic knowledge of cybersecurity frameworks such as NIST Cybersecurity Framework, CIS Controls, and ISO 27001. * Ability to identify and investigate phishing emails and suspicious file activity. * Familiarity with incident response processes and escalation procedures. * Basic knowledge of Linux/Unix and Windows operating systems. * Understanding of common network services (web, mail, DNS, authentication). * Knowledge of vulnerability management and basic remediation steps. * Understanding of threat intelligence sources and how they apply to SOC operations. * Strong analytical and problem-solving skills. * Excellent written and verbal communication skills. **Preferred technical and professional experience** * CompTIA Security* Certified SOC Analyst (CSA) * Microsoft Security Operations Analyst (SC-200) * GIAC Security Essentials (GSEC) * IBM QRadar SIEM Training * MITRE ATT&CK Defender (MAD) Certifications IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.