Open positions
SOC Analyst
Purpose of the Role:
Continuous monitoring of the company’s information security events, analysis of alerts, support for incident response, and maintaining the security posture of the infrastructure as part of the Security Operations Center (SOC), during afternoon and night shifts.
Main Responsibilities:
1. Monitoring and analysis of security events
• Continuous monitoring of security logs on the IBM QRadar SIEM platform.
• Prioritization, analysis, and validation of alerts.
• Offense handling.
• Investigation of suspicious activities (IOC, anomalies, brute force, phishing, lateral movement, malware activity).
2. Endpoint security tasks
• Handling and triaging CrowdStrike Falcon alerts.
• Analysis of suspicious processes, host behavior, and blocked activities.
• Initiating basic remediation steps (host isolation, process termination, file quarantine).
3. Vulnerability management support
• Reviewing Qualys Vulnerability Management reports and highlighting critical vulnerabilities.
• Interpreting scan results and forwarding them to responsible teams.
• Identifying deviations and recurring vulnerability patterns.
4. Incident handling
• First-level incident response (L1.5–L2):
  ◦ event categorization
  ◦ initial containment recommendations
  ◦ escalation to L2/L3 when necessary
• Creating, tracking, and documenting incident tickets in Jira / ServiceNow.
5. Daily SOC operational tasks
• Preparing shift handover reports.
• Reporting problems in detection rules / use cases when identified.
• Detecting and reporting trends and anomalies to the SOC lead.
• Participation in post-incident reviews.
Requirements:
Professional knowledge
• Basic experience with SIEM systems – advantage: IBM QRadar.
• Knowledge of endpoint security tools – advantage: CrowdStrike Falcon.
• Fundamentals of vulnerability management – advantage: Qualys VM.
• Ability to identify security event types (malware, phishing, brute force, C2 activity, privilege escalation).
• Basic networking knowledge (TCP/IP, DNS, HTTP/S, VPN, proxy).
• Ability to interpret logs from Windows/Linux and other security systems.
Soft skills
• Strong problem recognition and analytical thinking.
• Precision and documentation discipline.
• Ability to work independently in night/afternoon shifts.
• Communication with L2/L3 teams.
Experience level
• Senior or highly specialized level is not required.
• 0.5–2 years of SOC / IT security / IT operations experience is an advantage, but junior candidates with strong fundamentals are also suitable.
Shift schedule
• Afternoon shift: 16:30 – 01:00
• Night shift: 00:30 – 09:00
• 12-hour weekend shifts
Benefits
• Use of enterprise-grade technologies (QRadar, Falcon, Qualys).
• Real incident response experience.
• Fast professional growth opportunity in a SOC environment.
• Supportive L2/L3 background team.
Application: HR@socurity.hu
