SOC/NOC Tier 1 Analyst

The next- generation
SOC/NOC Tier 1
serves as the first line of defense in the security and operations monitoring model, working with alerts that have been pre- processed by AI (AI- triaged alerts).
The role focuses on validation, accurate classification, reducing false positives, and ensuring proper escalation to Tier 2/3 teams.

Monitoring & Handling AI- Triaged Alerts:

Monitor and handle SOC/NOC alerts that have been preliminarily classified by AI.
Re- check the accuracy of:
Security alerts
Operational alerts
Escalate critical events to the Tier 2 or Incident Response (IR) team.
Determine the severity level (Severity Validation).
Perform triage according to standardized playbooks.

False Positive Validation:

Analyze logs and perform event correlation to determine:
False Positive
Malicious Activity
Benign True Positive
Collaborate with Detection Engineers to improve detection rules.
Record notes and update information to support detection tuning.
Compare findings with the system baseline.

SIEM System Usage & Operations:

Be proficient in using Elasticsearch within a a SIEM environment.
Query logs using:
KQL / DSL queries
Review:
Application logs
Network logs
Authentication logs
Search for Indicators of Compromise (IOC) and abnormal patterns.

Required Foundational Knowledge:
Computer Networking

TCP/IP, OSI model
DNS, HTTP/HTTPS, SMTP
Firewall, IDS/IPS
VPN, NAT

Network Security

Basic threat patterns
Port scanning
Brute force attacks
Lateral movement
C2 traffic

Application Security

Understanding of the OWASP Top 10.
Ability to identify:
SQL Injection
Cross- Site Scripting (XSS)
Broken Authentication
Remote Code Execution (RCE)
Ability to read and understand application logs related to security vulnerabilities.

Experience

Having personal hands- on labs or practical security environments is an advantage.
Students or graduates majoring in Information Security or Information Technology are preferred.

Technical Skills

Ability to write log search queries.
Understanding of basic Incident Response processes.
Ability to read and analyze basic logs.
Ability to use SIEM tools (Elasticsearch is a plus).
Strong analytical thinking and the ability to avoid “blind trust” in AI outputs.

Soft Skills

Clear documentation and reporting skills.
Careful and detail- oriented.
Ability to work in shifts (shift- based).
Critical thinking mindset.

Average alert handling time (MTTA).
Correct escalation rate.
Compliance with established processes and playbooks.
False Positive validation accuracy ≥ 95%.
Number of rule improvement proposals per quarter.

A creative and modern working environment.
15 days of annual leave, 3 remote work days per month.
Comprehensive health and accident insurance.
Provision of work equipment (Macbook/ Laptop, mouse, monitor, etc.).
Competitive salary package (Base salary and performance bonuses).
Probation period salary is 100% of the official salary.

Laptop, Chế độ bảo hiểm, Du Lịch, Phụ cấp, Xe đưa đón, Du lịch nước ngoài, Đồng phục, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương, Công tác phí, Nghỉ phép năm, CLB thể thao

Cập nhật gần nhất lúc: 2026-03-15 12:50:03