Website TeamPlus
Role Objective: Monitor alerts, triage basic events, and escalate suspicious activity from SIEM, EDR, and NDR platforms

Experience Level: 0–2 years (fresh graduates or entry-level SOC/NOC experience)

Certifications (Preferred):
– CompTIA Security+
– Microsoft SC-900
– Basic QRadar/Sentinel/LinkShadow/Darktrace training

SIEM Tool Proficiency:
– Basic monitoring with QRadar, Microsoft Sentinel
– Execute pre-defined queries, view dashboards, raise alerts

EDR/XDR Experience:
– Basic navigation of Microsoft Defender for Endpoint dashboards
– Monitor AV/EDR alerts

NDR Tool Proficiency:
– Basic familiarity with LinkShadow or Darktrace dashboard alerts
– Monitor for anomalous behavior patterns

Monitoring & Triage:
– Review alerts from SIEM, EDR, and NDR dashboards
– Validate basic security events against playbooks

Threat Hunting: Not applicable

SIEM Use Case Development: Not applicable

Threat Intelligence Usage:
– Understand IOCs (IP, domain, file hash)
– Flag and enrich alerts using shared threat intelligence

Incident Response Support:
– Log incidents and escalate to L2 based on severity
– Follow SOPs for malware, phishing, and brute-force events

Tool Familiarity:
– QRadar
– Microsoft Sentinel
– Microsoft Defender for Endpoint
– LinkShadow or Darktrace
– EOP/Exchange protection
– Antivirus platforms

Cloud Security (Optional): Exposure to Azure AD sign-in logs and cloud activity alerts in Sentinel

Shift Readiness: Yes — 24×7 rotation, including nights, weekends, and holidays

Reporting Skills:
– Basic ticket updates
– Document time, impact, and actions taken

Soft Skills:
– Fast learner
– Reliable communicator
– Team player