As a SOC Analyst L1, you will monitor and triage cybersecurity alerts from multiple sources (SIEM/EDR/network), determine whether activity is benign or suspicious, document evidence clearly, and escalate confirmed or potentially high-risk cases following playbooks and SLAs.
Responsibilities:
- Monitor security events and alerts in SIEM and defensive tools; perform initial triage and classification (benign / false positive / suspicious / incident).
- Collect and review basic evidence: endpoint telemetry, Windows/Linux logs, firewall/IDS, DNS/proxy; perform initial correlation (host/user/IP/IOC/process).
- Execute runbooks/playbooks (e.g., password reset request, IOC block request, host isolation request) when authorized and aligned with procedures.
- Create and maintain high-quality tickets with a clear narrative: what happened, supporting evidence, potential impact, actions taken, recommended next steps.
- Escalate to L2/L3/IR when there is evidence of compromise, material risk, lateral movement, or uncertainty that requires deeper investigation.
- Deliver structured shift handovers (case status, findings, hypotheses, next steps, blockers).
- Meet operational SLAs and documentation quality standards.
Requirements:
- 0–2 years in SOC/NOC/IT Security operations or equivalent hands-on experience demonstrated via labs/casework.
- Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
- Basic working knowledge of Windows and Linux (processes, authentication, logging concepts).
- Ability to interpret log fields (source/destination, user, process, hash, URL, action, result).
- Strong spoken and written English (minimum B2) — must be able to join technical calls and write clear tickets and summaries in English.
- Strong attention to detail, structured thinking, prioritization, and the ability to work under pressure and through repetitive workflows without quality loss.
- Experience with SIEM/EDR/IDS tools (e.g., Wazuh, Splunk, Sentinel, QRadar; Defender/CrowdStrike; Suricata/Snort). (Nice to have)
- Basic query skills (KQL/SPL/Lucene/DQL) and familiarity with MITRE ATT&CK concepts. (Nice to have)
- Entry-level certifications (e.g., Security+, BTL1, CySA+) or equivalent proof of competence. (Nice to have)
For more than two decades, CallTek has been a global leader in delivering secure, compliant, and reliable white-label technical support services. As a Managed Service Provider (MSP), we offer 24/7 engineering, software development, field service, and customer support to technology operators and service providers worldwide. Our team of over 10,000 skilled professionals manages more than 20,000 buildings and one million enterprise network appliances globally. We are dedicated to security and privacy, adhering to the highest industry standards, including PCI-DSS, ISO 27001, SOC 2, and GDPR. This commitment ensures that our partners' data is protected and their operations are compliant with global regulations. CallTek combines its expertise as an MSP with innovative technology. We've developed proprietary platforms such as Odyssey CX, powered by artificial intelligence (AI) and natural language processing (NLP), to provide advanced solutions that integrate seamlessly with your existing systems and give you deep customer insights. Our dedication to excellence extends to our 24/7 Live Customer Support and Field Service teams, who are available across 35,000 zip codes, including certified low-voltage Ekahau technicians ready to resolve break-fix jobs and perform Wireless Site Surveys. Headquartered in Irvine, CA, CallTek has a global footprint with offices in nine countries, including the Dominican Republic, Colombia, Egypt, Guatemala, Honduras, India, Mexico, the Philippines, and the United States. Recognized for our unwavering commitment to security, privacy, and innovation, CallTek was named one of the Best Employers by The Philippine Daily Inquirer in 2023 and 2004. For more information on how CallTek can securely support your business with cutting-edge solutions, visit calltekinc.com.