SOC Analyst - Tier 1 (Managed SOC)

The SOC Analyst - Tier 1 is responsible for providing 24x7 security monitoring, alert triage, event analysis, and incident escalation services within ZainTECH’s Managed Security Operations Center (SOC). As the first line of defense against cybersecurity threats, the role continuously monitors customer environments, validates security events, and ensures potential security incidents are identified, classified, documented, and escalated in accordance with established procedures and service level agreements. 

Responsibilities:

Security Monitoring & Event Analysis 

• Provide continuous 24x7 monitoring of customer and enterprise security environments through shift-based operations. 
• Monitor and analyze security events generated from SIEM platforms, IDS/IPS solutions, Endpoint Detection & Response (EDR) tools, Firewalls, Email security gateways, Web security solutions and Cloud security platforms 
• Review and assess security alerts to determine whether activity represents a legitimate security threat or a false positive. 
• Perform initial event validation, classification, and prioritization based on severity, risk, and potential business impact. 
• Identify suspicious behavior, indicators of compromise (IOCs), and anomalous activities requiring further investigation. 

Incident Triage & Escalation 

• Perform first-level analysis and triage of security alerts and events. 
• Create and manage incident tickets within approved incident management platforms. 
• Categorize incidents based on Severity, Impact, Urgency and Threat classification
• Escalate validated incidents to SOC Analyst - Tier 2 teams in accordance with approved escalation procedures. 
• Ensure escalations include complete and accurate investigation details to support efficient handover and further analysis. 
• Maintain incident tracking and ensure timely updates throughout the incident lifecycle. 

SIEM Operations & Security Monitoring 

• Utilize SIEM platforms to Monitor security events, Review alerts, Execute predefined searches and queries, Support basic investigations 
• Support operational activities including Alert validation, Monitoring dashboard review, Log analysis and Security event correlation 
• Assist with identifying false positives and escalating tuning recommendations where required. 
• Support the overall effectiveness and reliability of monitoring operations. 

Documentation & Reporting 

• Maintain accurate records of investigations, observations, and escalation activities. 
• Document security incidents and monitoring activities in accordance with operational procedures. 
• Participate in shift handovers and ensure continuity of investigations between teams. 
• Support operational reporting and SOC performance metrics activities. 

Governance, Compliance & Operational Excellence 

• Follow approved SOC procedures, playbooks, and operational standards. 
• Ensure compliance with Internal security policies, Customer contractual obligations and NCSC Jordan licensing requirements 
• Handle customer information with strict confidentiality and professionalism. 
• Participate in training, simulation exercises, and continuous improvement initiatives. 
• Maintain awareness of emerging cybersecurity threats and attack techniques. 

Our Culture & Code of Conduct:

At ZainTECH, we take pride in a culture built on collaboration, innovation, and uncompromising integrity. We are looking for individuals who share these values and are committed to customer-centricity and ethical excellence. All employees are expected to uphold our Code of Conduct, which serves as a guiding framework for responsible behavior across everything we do — from how we work with each other to how we engage with clients and partners globally.

Requirements

• Bachelor's degree or intermediate diploma from a recognised institution. 
• At least 6 months of practical cybersecurity experience. 
• At least one valid NCSC-approved SOC certification like (CSA,GSOC,GCIA),CTIA, Blue Team Level 1, or Cisco CyberOps Associate) or another internationally recognised, equivalent certification in the same field that is approved by the NCSC.
• Familiarity with SIEM consoles, alert triage, and SOC monitoring workflow; willingness to work rotating shifts. 
• Foundational networking and operating-system knowledge is preferable.  
• Prior internship or junior SOC experience is preferable.