Intertec Systems
Job Purpose:
L1 SOC Analyst – XDR Platform. The L1 SOC Analyst provides 24×7 security monitoring and support for the Extended Detection and Response (XDR) platform. This role is the first line of defense in identifying, triaging, and escalating potential security incidents, ensuring threats are addressed quickly and effectively.

Qualification:
- Education: Graduate
- Experience: 5+ years
- Certifications: CompTIA CySA+ / Security+ / CEH; Splunk Core Certified User / Power User; Microsoft AZ-500 / SC-200

Responsibilities:

Security Monitoring & Incident Handling
- Triage and investigate escalated alerts from SIEM, XDR (CrowdStrike), EDR, email, and network security tools.
- Perform log correlation and in-depth investigations using Splunk/Elastic dashboards and queries.
- Handle incidents across endpoints, cloud (Azure/OCI/GCP), email, DLP, and network layers.
- Respond to phishing, malware, unauthorized access, and insider threat alerts.
- Support forensic triage using EDR tools and sandbox results (e.g., Falcon Sandbox).

SOC Engineering & SIEM Operations
- Create, fine-tune, and optimize detection rules and dashboards in Splunk.
- Maintain and troubleshoot Splunk forwarders, heavy forwarders, and dashboards under guidance.
- Participate in log onboarding and validation for new sources (e.g., CSPM, EDR, DLP, cloud tools).
- Support automation workflows and enrichment via playbooks.

Hands-on knowledge of:
- EDR/XDR: CrowdStrike
- SIEM: Splunk, Elastic (optional)
- Email Security: Mimecast
- DLP: Forcepoint (Web/Email), Netskope (CASB/ZTNA)
- Vulnerability Management: Nessus, Qualys
- Threat Intel Tools: IOC lookups, sandboxing tools, OSINT

Documentation & Compliance
- Maintain updated incident records, timelines, and evidence in ITSM or ticketing platforms.
- Contribute to SOP/playbook updates, audit reports, and RCA documentation.
- Participate in compliance checks for ISO 27001 and internal audits.
- Suggest detection logic improvements based on new threats or recurring false positives.
- Engage in purple teaming and threat hunting exercises as needed.

Mandatory:
- 3-5 years of relevant experience in a SOC environment.
- Strong hands-on knowledge of SIEM (Splunk) and EDR (CrowdStrike).
- Experience in log analysis, threat detection, and incident handling.
- Good understanding of TCP/IP, DNS, HTTP, VPN, authentication, and cloud security basics.
- Familiarity with ISO 27001 or the NIST SP 800-61 incident response process is a plus.
- Certifications such as CompTIA CySA+, CEH, Splunk Core Certified User, or AZ-500 are preferred.