Cybersecurity Analyst

Key Responsibilities

Security Monitoring & Alert Triage

* Monitor and triage security alerts and platform health notifications from SIEM (Microsoft Sentinel), NIDS, NMS, and OT-specific security platforms (Nozomi Vantage, Claroty SRA).

* Perform initial classification of alerts based on severity, asset criticality, and business impact, ensuring timely action in line with customer SLAs.

* Continuously monitor threat detection (MDR) and platform health (CCM) queues across assigned customer accounts during shift.

Investigation & Incident Handling

* Conduct initial investigation and basic correlation of security events following documented SOPs, playbooks, and runbooks.

* Enrich alerts with contextual data (asset information, past incident history, known threat indicators) and update ticketing systems (ServiceNow, iTop) with structured case notes.

* Identify and escalate complex security incidents, advanced threats, or platform issues to MDR L2 or CCM L2 teams with full context and a documented handoff.

* Coordinate with L2 analysts and Security SMEs during critical incidents to support mitigation and closure of high-severity events.

* Update and follow incident response playbooks aligned to the OT/ICS threat landscape, including adversary behaviour in industrial environments.

Reporting & Documentation

* Maintain thorough documentation of all actions taken, follow-ups, escalation history, and case closure notes within the ticketing system.

* Prepare KPI dashboards and shift handover reports, and contribute to Monthly Service Reports (MSRs) for assigned customer accounts.

* Support SIEM administration activities, including ad hoc reporting and basic troubleshooting.

Shift Operations & Team Collaboration

* Adhere to shift operational standards, including ticketing hygiene, SLA adherence, and shift handover protocols.

* Liaise with internal stakeholders and customer contacts regarding security issues, service updates, and future recommendations.

* Coordinate with Security SMEs to support the development and tuning of detection rules targeting adversary activity in ICS/OT domains.

* Support security awareness activities and contribute to internal knowledge-sharing and knowledge base updates.

* Participate in SOC shift roster management to ensure continuous 24×7 coverage.



* 1-3 years of experience in a Security Operations Centre (SOC) or MSSP environment with 24×7 shift exposure.

* Demonstrated ability to monitor, triage, and investigate security events in a production SOC environment.

* Hands-on experience with SIEM platforms: Microsoft Sentinel is essential; Splunk is advantageous.

* Experience working with ticketing platforms such as ServiceNow or JIRA for case handling, alert triage, and escalation workflows.
