United States On-site Employment

Coretek Services is hiring a SOC Analyst - Level 1

About the Role

Coretek Services is looking for a SOC Analyst - Level 1 to join our security team. This entry-level role is responsible for the initial detection, triage, and response to security alerts, serving as the first line of defense. You will monitor security tools, perform basic analysis to identify false positives, follow established playbooks for initial response, and escalate more complex incidents.

What You'll Do

  • Monitor alerts from SIEM, firewalls, IDS/IPS, and other security systems to identify potential incidents.
  • Triage alerts by severity, impact, and urgency using defined criteria.
  • Collect initial alert details including source, target, timestamp, and relevant logs.
  • Follow playbooks and SOPs for preliminary analysis to check for false positives or determine escalation needs.
  • Perform basic containment actions per playbooks, such as blocking IPs or isolating systems.
  • Verify remediation effectiveness and document all actions with clear timestamps.
  • Collaborate with other teams to solve blockers and drive innovative solutions.
  • Escalate advanced incidents to Level 2 based on severity, impact, or complexity thresholds.
  • Provide detailed logs, analysis, and context for a smooth handoff to Level 2 analysts.
  • Notify Level 2 or response teams promptly, clearly noting urgency and risks.
  • Document incidents accurately per SOC standards, including alerts, actions, and outcomes.
  • Keep records organized, timestamped, and accessible for audits and reviews.
  • Update supervisors and Level 2 analysts on incident status, key findings, and next actions needed.
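
To make the triage and escalation steps above concrete, here is an added example (not Coretek's playbook or tooling) of a Level-1 triage pass over three constructed SIEM alerts. The severity weights, asset criticality tiers, escalation threshold, scanner allowlist, containment rules and alert field names are all assumptions chosen for illustration.

```python
"""Level-1 alert triage over constructed SIEM alerts (added example; not a
Coretek playbook). Weights, tiers, thresholds and the allowlist are assumed."""
from datetime import datetime, timezone
from typing import Optional
import ipaddress

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Assumed asset criticality tiers; hosts not listed default to tier 1.
ASSET_TIER = {"dc-01": 3, "vpn-gw-01": 3, "web-01": 2, "wks-104": 1}
ESCALATE_AT = 6                  # assumed severity x criticality threshold
KNOWN_SCANNERS = {"10.0.9.12"}   # assumed approved internal vulnerability scanner
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed alerts in a simplified shape; not real SIEM output.
SAMPLE_ALERTS = [
    {"id": "A-1", "ts": "2024-05-01T02:14:07Z", "rule": "Multiple failed logins",
     "severity": "medium", "src": "203.0.113.45", "host": "vpn-gw-01"},
    {"id": "A-2", "ts": "2024-05-01T02:20:31Z", "rule": "Port scan",
     "severity": "low", "src": "10.0.9.12", "host": "web-01"},
    {"id": "A-3", "ts": "2024-05-01T03:02:55Z", "rule": "Ransom note file created",
     "severity": "critical", "src": "10.0.44.7", "host": "wks-104"},
]


def is_external(ip: str) -> bool:
    """True if the address is outside the assumed RFC 1918 internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def triage(alert: dict, now: Optional[datetime] = None) -> dict:
    """Collect details, check for a known false positive, score the alert,
    pick playbook containment, decide escalate/monitor, and return a
    timestamped record usable for the Level 2 handoff and for audit."""
    now = now or datetime.now(timezone.utc)
    record = {
        "id": alert["id"], "triaged_at": now.isoformat(),
        "source": alert["src"], "target": alert["host"],
        "alert_ts": alert["ts"], "rule": alert["rule"],
        "severity": alert["severity"], "actions": [],
    }
    # False-positive check runs before any containment action.
    if alert["src"] in KNOWN_SCANNERS:
        record["decision"] = "close"
        record["reason"] = "source is an approved vulnerability scanner"
        return record

    sev = SEVERITY_WEIGHT[alert["severity"]]
    record["score"] = sev * ASSET_TIER.get(alert["host"], 1)

    # Assumed containment rules: block external sources at medium or above;
    # isolate the affected host on anything critical.
    if is_external(alert["src"]) and sev >= SEVERITY_WEIGHT["medium"]:
        record["actions"].append(f"block {alert['src']} at perimeter firewall")
    if alert["severity"] == "critical":
        record["actions"].append(f"isolate {alert['host']} from network")

    # Escalate when the score crosses the threshold, or always for critical.
    if record["score"] >= ESCALATE_AT or alert["severity"] == "critical":
        record["decision"] = "escalate"
        record["urgency"] = "high" if alert["severity"] == "critical" else "normal"
        record["handoff"] = (
            f"{alert['id']} {alert['rule']} on {alert['host']} from "
            f"{alert['src']} at {alert['ts']}; score {record['score']}; "
            f"actions: {', '.join(record['actions']) or 'none'}"
        )
    else:
        record["decision"] = "monitor"
    return record


def triage_all(alerts: list, now: Optional[datetime] = None) -> list:
    """Triage a batch and order it: escalations first, highest severity first."""
    order = {"escalate": 0, "monitor": 1, "close": 2}
    return sorted((triage(a, now) for a in alerts),
                  key=lambda r: (order[r["decision"]], -SEVERITY_WEIGHT[r["severity"]]))


if __name__ == "__main__":
    for r in triage_all(SAMPLE_ALERTS):
        print(r["id"], r["decision"], r.get("handoff") or r.get("reason", ""))
```

Running the block prints one line per alert, most urgent first. The handoff string carries the same details the list above asks for (source, target, timestamp, rule, actions taken) so the Level 2 analyst does not have to re-pull them, and the allowlist check runs before containment so an approved scanner is never blocked.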

What We're Looking For

  • Familiarity with SIEM platforms (e.g., Elastic, Splunk, QRadar), firewalls, IDS/IPS, and endpoint security tools.
  • Basic knowledge of networking concepts such as TCP/IP, DNS and VPNs, and of common application protocols such as HTTP and FTP.
  • Awareness of common threats such as phishing, malware, DDoS, and typical attack vectors.
  • Ability to triage alerts, effectively separating false positives from legitimate threats.
  • Skill in following playbooks and SOPs for initial incident response and remediation.
  • Strong attention to detail for monitoring security events and spotting anomalies.
  • Clear and accurate documentation of incidents, properly timestamped for audits or escalations.
  • Effective verbal and written communication to report findings and escalate to Level 2.
  • Proven ability to collaborate within a team, especially during incident scenarios.
  • Capacity to handle multiple tasks in a high-pressure, dynamic environment.
  • Willingness to work in a 24/7 shift rotation, including nights and weekends.
  • A strong sense of urgency and duty in incident response situations.
  • Ability to maintain composure under pressure during active security incidents.

Nice to Have

  • Degree in cybersecurity, IT, or a related field preferred, or equivalent practical experience.
  • Entry-level certifications such as CompTIA Security+ or Cisco CCNA.
  • Other relevant security certifications are desirable.

Technical Stack

  • SIEM: Elastic, Splunk, QRadar
  • Firewalls
  • IDS/IPS
  • Endpoint security tools

Team & Environment

You will be part of a Security Operations Center (SOC) team, escalating complex incidents to Level 2 analysts for deeper investigation. Our culture is built on a highly skilled and motivated team with a strong drive to learn and grow. A desire to learn and collaborate within a team is essential. You will receive structured training and on-the-job experience, and must be able to adapt to ongoing changes in the security industry.

Required Skills

SIEM, Elastic, Splunk, QRadar, Firewalls, IDS/IPS, Endpoint Security, Incident Response, Threat Hunting, Log Analysis, Network Security, Cybersecurity Monitoring, Security Operations
About Company

Coretek Services is a cybersecurity service provider specializing in protecting organizations and their customers through professional security monitoring and incident response services.

Job Details

Category: security
Posted: 8 months ago