L1 SOC Analyst

Job Description

Tietoevry Create Ukraine is inviting a talented professional to join our team as a L1 SOC Analyst to join our Security Operations Center (SOC) team. The ideal candidate will play a critical role in detecting, analyzing, and responding to cybersecurity threats and incidents. This position requires strong analytical skills, in-depth knowledge of security operations, and expertise with Security Information and Event Management (SIEM) platforms, particularly Microsoft Sentinel.

Responsibilities:

• Incident Analysis:
• Perform real-time monitoring and analysis of security events and alerts from various security tools, including SIEM (MS Sentinel), Microsoft Defender suite, Firewalls, WAFs, and other security logs.
• Triage security incidents
• Conduct in-depth investigations of security incidents, performing root cause analysis to understand the full scope and impact.
• Correlate data from multiple sources to identify suspicious activities, attack patterns, and potential threats.
• Distinguish between false positives and true security incidents, prioritizing and escalating as necessary.
• Incident Response & Remediation:
• Execute incident response procedures according to SOC playbooks and predefined instructions.
• Document all activities during an incident, providing timely status updates and preparing comprehensive incident reports.
• Mentoring & Collaboration:
• Collaborate effectively with other cybersecurity teams (e.g., L2/L3 Analysts, etc) and IT operations.
• Participate in security awareness initiatives and knowledge sharing sessions.
• Shift Work:
• Work in a 24x7 rotational shift environment, including night shifts and weekends.

Required Skills & Qualifications:

• IT or IT Security degree or at least 1 years of practical experience in IT (customer support, system/network/cloud administration, security administration)
• Good analytical skills
• Understanding of Incident management process, frameworks and best-practices.
• Good understanding of computer networks (VLAN, IP addressing, routing, etc.)
• Solid knowledge of or previous experience with: SIEM (Sentinel, QRadar, ELK), XDR, EDR, Identity protection; Vulnerability Scanners; Endpoint Security tools; Security Log Management tools (syslog-ng, rsyslog, logstash, graylog, etc.) would be a plus.
• Understanding of common types of security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.)
• Microsoft SC-200, CompTIA Security+ or similar certifications would be a significant advantage
• Intermediate level of English is a minimum.
• Proactive, result-oriented personality able to work in a team.

Additional Information

At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity.

Diversity, equity and inclusion )