Night Shift SOC Analyst - Level 1 at Coretek Services | Torre

Night Shift SOC Analyst - Level 1

You'll protect clients and systems, growing your cybersecurity expertise in a dynamic environment.
Full-time

Legal agreement: Employment

Provide your expected compensation while applying
Remote (for United States residents)
Shared by
Emma of Torre.ai
23 days ago

Requirements and responsibilities


Join a highly skilled and motivated team of Cyber Security Professionals tasked with protecting Coretek and its customers. The Cyber Security Analyst Level 1 (SOC Analyst L1) is an entry-level role responsible for the initial detection, triage, and response to security alerts. This includes monitoring security tools, performing basic analysis to identify false positives, following predefined playbooks for initial response, and escalating complex or high-priority incidents to Level 2 analysts with detailed documentation. Analysts will leverage SIEM/SOAR platforms, cyber case management, and supplementary tools to investigate, contain, and remediate cyber security incidents. The role requires a drive to learn and grow as the industry and Coretek evolve rapidly.

Coretek recognizes candidates may lack some skills for this unique service provider role and will train and develop the right fit. Desire to learn and collaborate within a team is essential. Skills from other disciplines demonstrate adaptability and are welcome. Formal education or self-taught backgrounds are valued. Structured training and on-the-job experience will prepare analysts for the complex requirements and fast-paced environment of a service provider. Analysts must adapt to industry changes.

ESSENTIAL FUNCTIONS:
· Monitor alerts from SIEM, firewalls, IDS/IPS, and other systems to spot incidents
· Triage alerts by severity, impact, and urgency using set criteria
· Collect initial alert details like source, target, timestamp, and logs
· Use playbooks and SOPs for preliminary analysis to check for false positives or escalation needs
· Perform containment actions per playbooks, such as blocking IPs or isolating systems
· Verify remediation effectiveness and document actions with timestamps
· Collaborate with teams to solve blockers innovatively
· Escalate advanced incidents based on severity, impact, or complexity thresholds
· Provide detailed logs, analysis, and context for smooth handoff to Level 2
· Notify Level 2 or response teams quickly, noting urgency and risks
· Document incidents accurately per SOC standards, including alerts and outcomes
· Keep records organized, timestamped, and accessible for audits
· Update supervisors and Level 2 on status, key findings, and actions needed

Requirements
· Familiarity with SIEM (e.g., Elastic, Splunk, QRadar), firewalls, IDS/IPS, and endpoint tools
· Basic knowledge of networking like TCP/IP, DNS, VPN, and protocols (HTTP, FTP)
· Awareness of common threats (phishing, malware, DDoS) and attack vectors
· Ability to triage alerts, separating false positives from real threats
· Skill in following playbooks and SOPs for initial response and remediation
· Strong attention to detail for monitoring events and spotting anomalies
· Clear documentation of incidents, timestamped for audits or escalations
· Effective communication to report findings and escalate to Level 2
· Team collaboration, especially in incident scenarios
· Handle multiple tasks in a high-pressure, dynamic environment
· Willingness for 24/7 shifts, including nights and weekends
· Sense of urgency and duty in incident response
· Composure under pressure during active incidents

Shift Specifics
· 7 a.m. - 7 p.m. Mon-Tues-Wed
· 7 a.m. - 7 p.m. Sun-Mon-Tues every third or 4th week

EDUCATION and TRAINING:
· Degree in cybersecurity, IT, related field preferred, or equivalent experience
· Entry-level certs like CompTIA Security+, Cisco CCNA, or equivalent experience
· Security certifications desired