SOC Analyst (L1)

GROUP-IB TSHK

Tashkent, Yunusabad district, Abdulla Kadiri street, 1A

Job description

What makes the role special:

  • Global exposure: Work with customers across different industries and regions, gaining unique insight into diverse threat landscapes and infrastructures.

  • Structured growth path: The role is designed as the entry point into a professional SOC career, with clear progression to L2/L3, Incident Response, Threat Hunting, or other specialized areas.

  • Cutting-edge environment: Operate in a modern system setup with advanced monitoring, threat intelligence, and automation capabilities.

  • Continuous learning: Daily work with real incidents, mentorship from senior analysts, and internal training programs ensure rapid skill development.

  • Meaningful impact: Your vigilance and accuracy directly reduce risks for customers, strengthening their trust and security posture.

  • Team culture: Join a collaborative, 24×7 follow-the-sun model where knowledge sharing and team support are key values.

Key tasks:

  • Monitor security alerts 24×7 and perform initial analysis.

  • Determine whether events are real threats (True Positive) or benign (False Positive).

  • Create and maintain incident records in the incident response system.

  • Escalate cases to senior analysts (L2/L3) according to procedures.

  • Communicate with global customers during incident handling and provide status updates.

  • Ensure proper shift handover and documentation discipline.

  • Participate in continuous improvement by reporting false positives and suggesting detection refinements.

Requirements:

  • At least 1 year in IT / Information Security / SOC (internship or commercial).

  • Basic knowledge of Windows, Linux, macOS security mechanisms (authentication, access rights, event logs, system services).

  • Understanding of TCP/IP, DNS, HTTP/HTTPS, VPN, proxies, firewalls; ability to analyze traffic basics and spot anomalies.

  • Familiarity with cyber kill chain, MITRE ATT&CK techniques.

  • Hands-on knowledge of at least one SIEM/XDR/EDR platform (queries, log filtering, suspicious activity detection).

  • Skills in triaging alerts, distinguishing TP/FP, creating incident records, escalating to senior analysts.

  • IOC enrichment (IP, domain, hash) using open-source tools (VirusTotal, WHOIS, AnyRun, AbuseIPDB).

  • Analytical mindset, attention to detail, team-oriented, strong written communication.

  • English B2+ (both written and spoken).

  • Willingness to work in a 24×7 schedule (day/night shifts).

Nice to have:

  • Practical labs and platforms: Hack The Box, TryHackMe, CyberDefenders, Blue Team Labs Online.

  • Familiarity with detection content (Sigma/YARA rules, IOC management).

  • Participation in CTFs or personal security projects.

Why choose Group-IB:

  • Your happiness is important to us. We want every single team member to be happy.

  • Continuing professional development. At Group-IB, you can choose from various paths to growth: progress as an expert, advance to a management position, try your hand in another department, relocate abroad, or launch a new business area at Group-IB.

  • A team with extensive international expertise. Do you have experience but are looking for exciting challenges? By choosing us, you will be choosing complex tasks and continuously improving your skills in a fast-growing international company.

  • Globally recognized technologies. Group-IB's offices are located in seven countries and our products and services are sold in 60 countries. What's more, Gartner, IDC, and Forrester have ranked our technologies among the best in their class. We work with over 450 international partners and about 500 clients.

  • A culture created by each of us. Group-IB's employees speak many different languages and understand one another. We respect each other's beliefs, share common values, and strive toward the happiness of every employee.

  • Economic stability. Group-IB's sustainable growth helps rapidly develop careers that would take years to progress as far as most other companies.