Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Coretek and its customers. The Cyber Security Analyst Level 1 (SOC Analyst L1) is an entry-level role responsible for the initial detection, triage, and response to security alerts. This includes monitoring security tools, performing basic analysis to identify false positives, following predefined playbooks for initial response, and escalating complex or high-priority incidents to Level 2 analysts with detailed documentation. Analysts will leverage SIEM/SOAR platforms, cyber case management, and supplementary tools to investigate, contain, and remediate cyber security incidents. The role requires a drive to learn and grow as the industry and Coretek evolve rapidly.
Coretek recognizes candidates may lack some skills for this unique service provider role and will train and develop the right fit. Desire to learn and collaborate within a team is essential. Skills from other disciplines demonstrate adaptability and are welcome. Formal education or self-taught backgrounds are valued. Structured training and on-the-job experience will prepare analysts for the complex requirements and fast-paced environment of a service provider. Analysts must adapt to industry changes.
ESSENTIAL FUNCTIONS:
Monitor alerts from SIEM, firewalls, IDS/IPS, and other systems to spot incidents
Triage alerts by severity, impact, and urgency using set criteria
Collect initial alert details like source, target, timestamp, and logs
Use playbooks and SOPs for preliminary analysis to check for false positives or escalation needs
Perform containment actions per playbooks, such as blocking IPs or isolating systems
Verify remediation effectiveness and document actions with timestamps
Collaborate with teams to solve blockers innovatively
Escalate advanced incidents based on severity, impact, or complexity thresholds
Provide detailed logs, analysis, and context for smooth handoff to Level 2
Notify Level 2 or response teams quickly, noting urgency and risks
Document incidents accurately per SOC standards, including alerts and outcomes
Keep records organized, timestamped, and accessible for audits
Update supervisors and Level 2 on status, key findings, and actions needed
Requirements
Familiarity with SIEM (e.g., Elastic, Splunk, QRadar), firewalls, IDS/IPS, and endpoint tools
Basic knowledge of networking like TCP/IP, DNS, VPN, and protocols (HTTP, FTP)
Awareness of common threats (phishing, malware, DDoS) and attack vectors
Ability to triage alerts, separating false positives from real threats
Skill in following playbooks and SOPs for initial response and remediation
Strong attention to detail for monitoring events and spotting anomalies
Clear documentation of incidents, timestamped for audits or escalations
Effective communication to report findings and escalate to Level 2
Team collaboration, especially in incident scenarios
Handle multiple tasks in a high-pressure, dynamic environment
Willingness for 24/7 shifts, including nights and weekends
Sense of urgency and duty in incident response
Composure under pressure during active incidents
Shift Specifics
7 a.m. - 7 p.m. Mon-Tues-Wed
7 a.m. - 7 p.m. Sun-Mon-Tues every third or 4th week
EDUCATION and TRAINING:
· Degree in cybersecurity, IT, related field preferred, or equivalent experience
· Entry-level certs like CompTIA Security+, Cisco CCNA, or equivalent experience
