CIS部門 - SOC - Analyst (L1~L3)

Job Description

SOC Analyst (L1~L3)

Responsibilities:

Operations & Monitoring

• Oversee daily SOC operations including threat monitoring, alert triage, incident investigation, and response coordination.
• Ensure that security incidents are detected, analyzed, prioritized, contained, and remediated efficiently.
• Maintain operational awareness of active incidents, emerging threats, and vulnerabilities.
• Ensure alignment of SOC processes with organizational policies, SLAs, and compliance requirements. 

Technology & Process Optimization

• Manage and optimize SOC tools and technologies, including SIEM, SOAR, EDR/XDR, NDR, and threat intelligence platforms.
• Drive integration and automation initiatives to improve detection efficiency and reduce analyst fatigue.
• Collaborate with security engineering teams to fine-tune correlation rules, detection logic, and data ingestion pipelines.
• Develop and maintain incident response playbooks, escalation procedures, and reporting templates. 

Threat Management & Response 

• Coordinate with the Incident Response, Threat Hunting, and Threat Intelligence teams for proactive defence and rapid incident containment.
• Review major incidents, lead post-incident reviews (PIRs), and ensure lessons learned are applied.
• Maintain strong situational awareness of the global threat landscape and adjust detection strategies accordingly.
• Governance, Reporting & Continuous Improvement
• Report on SOC performance, incident trends, and metrics to executive leadership (CISO, CIO, Risk teams).
• Develop SOC policies, standard operating procedures (SOPs), and compliance documentation.
• Drive maturity improvements based on frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
• Evaluate new technologies and best practices to enhance SOC capabilities and scalability. 

Requirements:

• From 3 to up to 10 years of experience in cybersecurity operations with hand-on experience in SIEM/SOAR, EDR and TI platforms.
• Good to have certifications like CISSP, CISA, CEH, ISO27001 (Implementation). 

Good to have technical skills:

• Understanding of network security, endpoint protection, cloud security, and threat detection technologies.
• Expertise in SIEM platforms (e.g., Splunk, Azure Sentinel, CrowdStrike, ELK, LogRhythm) and SOAR tools (e.g., Cortex XSOAR, Splunk Phantom).
• Familiarity with EDR/XDR tools (CrowdStrike, Defender, Sentinel One) and threat intelligence integration.
• Knowledge of adversary tactics and frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
• Understanding of cloud and hybrid environments (AWS, Azure, GCP) from a detection and response perspective. 

Preferred Certifications:

• Certified SOC Analyst (CSA)
• GIAC Certified Incident Handler (GCIH)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Operations Manager (GSOM) or GIAC Cyber Threat Intelligence (GCTI)
• CompTIA CySA+ / CASP+