Security Operations Center Analyst

Job Description:

The role includes in-depth investigation of complex security alerts, managing cyber incidents (Incident Response), writing advanced monitoring rules, and collaborating with infrastructure and development teams to reduce attack surfaces.

Responsibilities:

• Incident investigation and internal escalation response for Tier 1

• Conducting comprehensive investigations of complex security alerts, intrusion events and suspected malicious activity (Malware, Phishing, Unauthorized Access)

• Performing proactive threat hunting in the organization, focusing on identifying low-signature malicious activity and behavioral anomalies through advanced statistical analysis, event correlation over time, and implementing MITRE ATT&CK-based detection tactics

• Performing basic endpoint forensics and network traffic analysis to identify the intrusion vector and scope of the breach

• Analyzing and optimizing policies in SIEM/XDR systems to reduce false positives and improve system efficiency.

• Identifying gaps in SOC work processes and initiating projects to improve them

• Mentoring and professional training for Tier 1 analysts

Professional requirements (education, experience):

• 2-3 years as a SOC Analyst (preferably prior experience as a Tier 1 or in a system/network role).

• Proven experience in investigating, analyzing, and responding to information security incidents

• Proven experience working and investigating in a multi-cloud environment (AWS/Azure)

• Practical experience with security systems, such as: FW, IPS, WAF, XDR/EDR, SIEM

• In-depth understanding of communication protocols (TCP/IP, DNS, HTTP/S) and network traffic analysis

• Ability to perform basic static and dynamic analysis of suspicious files

• Ability to write technical reports (in Hebrew and English)