Back to listings
CGIBangalore, KA

Security Operations (SecOps) – L1

Description

Security Operations (SecOps)

  • L1 Role Overview The SecOps L1 Analyst is responsible for monitoring security systems, identifying potential threats, and escalating incidents for deeper investigation. This role provides the first line of defense in the Security Operations Center (SOC), ensuring timely detection and response to security events. Key Responsibilities
  • Monitoring & Alert Handling
  • Continuously monitor SIEM, EDR, IDS/IPS, and other security platforms for alerts.
  • Perform initial triage to distinguish false positives from genuine threats.
  • Escalate validated incidents to L2 analysts with detailed context.
  • Incident Documentation
  • Record all alerts, actions taken, and escalations in SOC tools.
  • Maintain accurate incident logs and ensure compliance with reporting standards.
  • Contribute to knowledge base articles for recurring issues.
  • Threat Awareness
  • Stay updated on common attack vectors (phishing, malware, brute force, insider threats).
  • Apply basic threat intelligence to contextualize alerts.
  • Support vulnerability management activities by reporting observed risks.
  • Collaboration & Support
  • Work closely with L2/L3 analysts and SOC managers.
  • Provide timely communication to stakeholders during incidents.
  • Participate in shift handovers and ensure continuity of monitoring.
  • Process Adherence
  • Follow SOC playbooks and standard operating procedures (SOPs).
  • Ensure compliance with ITIL incident management workflows.
  • Support audits and reviews by providing accurate incident data. Required Skills & Experience
  • 1–3 years of IT/security experience (SOC or IT support background preferred).
  • Basic knowledge of SIEM platforms (Splunk, QRadar, Sentinel) and endpoint security tools.
  • Understanding of networking fundamentals (TCP/IP, firewalls, VPNs).
  • Familiarity with common attack types and security best practices.
  • Strong attention to detail, documentation, and communication skills. Preferred Qualifications
  • CompTIA Security+, CEH, or equivalent entry‑level security certifications.
  • Exposure to cloud security monitoring (Azure, AWS, GCP).
  • ITIL v4 Foundation certification.
  • Experience with ticketing systems (ServiceNow, Remedy, Jira).

Skills:

Incident Management, Security Infrastructure Supprt, Security Operations Center

Skills

JiraSplunkAWSSecurityGCPAzure