Associate - SOC L1 Analysis
Doha, Doha Municipality, Qatar • Full-time
- Experience: Any
- Salary: —
- Job openings: 1
- Published: 3 days ago
Job description
About Malomatia
Malomatia is a premier IT services and solutions provider based in Qatar, uniting top Qatari and international expertise to deliver innovative, comprehensive technology solutions that enable clients to reach their strategic objectives. Our mission is to empower Qatari businesses and governments to advance into the digital era with adaptable, knowledge-based solutions. We aspire to be Qatar's foremost knowledge partner in digital transformation, revolutionizing industries, shaping the future, and fostering a world-class technology ecosystem. Since 2008, Malomatia has been instrumental in driving Qatar's digital transformation through cutting-edge, ISO-certified IT solutions. With extensive experience across major public and private sectors, we support the nation's vision through advanced services in cloud computing, cybersecurity, artificial intelligence, and contact center operations, enhancing technology's role in building Qatar's sustainable future.
Established in 2008, malomatia is a Qatari leader in IT services and digital transformation, serving critical sectors such as Government, Healthcare, Education, Customs, and Transportation, and delivering impactful solutions aligned with national development objectives. Our team comprises skilled Qatari and international IT professionals who provide innovative, high-value digital solutions customized to client needs. Our mission is to inspire customers to achieve success through digital excellence, aiming to be the preferred partner in creating a smarter society via technology and talent. Our operations are guided by core values: ownership, integrity, empathy, teamwork, transparency, agility, excellence, trust, and innovation.
Job Description
The Associate SOC L1 Analyst will support the daily operations of L2/L3 SOC functions, leveraging experience in network and security operations. This role involves analyzing security alerts and log data, monitoring SIEM tools, conducting in-depth incident investigations, and implementing containment measures.
Responsibilities
- Analyze security alerts and log data promptly to assess threat severity and impact, prioritizing incidents effectively.
- Monitor and analyze Security Information and Event Management (SIEM) tools, such as Microsoft Sentinel, to detect potential security incidents and anomalies.
- Perform detailed analysis of security events, collaborating with customers to escalate and investigate incidents, identifying scope, impact, and root cause.
- Execute rapid containment and remediation actions for security incidents using established response strategies to prevent further compromise.
- Contribute to the development and refinement of processes and procedures, including Security Playbooks.
- Optimize analytical rules within SIEM platforms like Sentinel to minimize false positives and enhance detection accuracy.
- Support vulnerability assessments and penetration testing activities, prioritizing vulnerabilities for remediation with customer input.
- Maintain comprehensive records of incidents, investigations, and security activities in the incident management system.
- Generate detailed reports on security incidents, response efforts, and recommendations for improvement.
- Research emerging security trends and present findings to internal teams and clients.
Requirements
- Demonstrated hands-on experience with SIEM technologies, preferably Microsoft Sentinel, and familiarity with EDR solutions like Microsoft Defender.
- Solid understanding of Windows, Linux, and cloud environments, including Microsoft Azure and Office 365.
- Proficiency with various security solutions including SIEMs, web proxies, antivirus, firewalls, VPNs, authentication systems, encryption, and intrusion detection/prevention systems.
- Strong grasp of networking fundamentals, encompassing TCP/IP, WAN/LAN, and common internet protocols.
- Bachelor's degree in Computer Science, Information Security, or a related discipline.
- Possession of a Microsoft Security Operations Analyst certification.
Additional Information
The role requires supporting L2/L3 operations and necessitates experience in network and security operations and projects.