SOC Analyst Job Description L1 & L2

SOC Analyst Job Descriptions

SOC Analyst L1 (Microsoft Sentinel & Defender Specialist)

Location: Hybrid – 2–3 days onsite in Hong Kong, remainder remote
Contract Duration: Initial 6-month contract

Job Summary:
SOCHK is seeking a motivated and detail-oriented SOC Analyst L1 with foundational experience in Microsoft Sentinel and the Microsoft Defender suite. This entry-level role is ideal for candidates looking to grow their cybersecurity career in a dynamic SOC environment. The successful candidate will be responsible for monitoring, triaging, and escalating security alerts, supporting incident response efforts, and maintaining situational awareness across the enterprise.

Key Responsibilities:
Security Monitoring & Alert Triage
– Monitor security alerts and events using Microsoft Sentinel and Defender XDR.
– Perform initial triage of alerts to determine severity, impact, and urgency.
– Escalate validated incidents to L2 analysts with detailed context and findings.

Incident Response Support
– Assist in containment and remediation efforts under guidance from L2 analysts.
– Document incident timelines, actions taken, and outcomes.
– Maintain accurate and timely incident records in ticketing systems.

Telemetry & Data Source Awareness
– Understand basic telemetry sources (endpoint, identity, cloud) and their relevance to security monitoring.
– Validate log ingestion and parsing issues and report anomalies to engineering teams.

Use Case & Rule Validation
– Test and validate new detection rules and analytics created by L2/L3 teams.
– Provide feedback on false positives and rule tuning opportunities.

Threat Intelligence & Enrichment
– Apply basic threat intelligence to enrich alerts (IP reputation, domain analysis, etc.).
– Stay updated on emerging threats and common attack vectors relevant to the environment.

Documentation & Reporting
– Maintain shift logs, alert handling documentation, and escalation procedures.
– Generate daily summaries of SOC activities and notable events.

Qualifications:
– 1+ years of experience in a SOC or cybersecurity operations role.
– Familiarity with Microsoft Sentinel, Defender for Endpoint, Defender for Identity, and Defender for Cloud.
– Basic understanding of SIEM, XDR, and MITRE ATT&CK framework.
– Strong analytical and communication skills.
– Willingness to work in a fast-paced, shift-based environment.

Preferred Certifications:
– Microsoft SC-200: Microsoft Security Operations Analyst
– CompTIA Security+, or equivalent entry-level security certification

SOC Analyst L2 (Microsoft Sentinel & Defender Specialist)

Location: Hybrid – 2–3 days onsite in Hong Kong, remainder remote
Contract Duration: Initial 6-month contract

Job Summary:
SOCHK is seeking an experienced SOC L2 Analyst with strong engineering skills and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The successful candidate will lead advanced threat detection, incident response, detection engineering, and platform optimization efforts, while supporting SIEM integration and automation initiatives.

Key Responsibilities:
Advanced Threat Detection & Incident Response
– Investigate and analyze complex security incidents escalated from L1 SOC analysts.
– Conduct incident response using Microsoft Sentinel and Defender XDR.
– Correlate telemetry across network, endpoint, identity, and cloud sources.

Threat Hunting & Detection Engineering
– Perform proactive threat hunting using KQL in Microsoft Sentinel.
– Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
– Apply the MITRE ATT&CK framework to improve detection coverage.

Security Engineering & Platform Management
– Onboard and integrate new data sources into Microsoft Sentinel.
– Build and manage data connectors, parsers, and normalization schemas.
– Collaborate with infrastructure and cloud teams to ensure telemetry coverage.

License Usage Monitoring & Optimization
– Monitor Sentinel and Defender license consumption.
– Analyze ingestion volumes and ensure compliance with license limits.
– Recommend strategies to optimize cost and maintain visibility.

Automation & Response
– Design and implement automated response workflows using Sentinel playbooks (Logic Apps), Automation runbooks, and similar tooling.
– Develop SOAR integrations to improve response efficiency.

Documentation & Reporting
– Produce incident reports and root cause analyses.
– Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
– Generate dashboards and reports for SOC leadership and compliance stakeholders.

Qualifications:
– 3+ years of experience in SOC or cybersecurity operations.
– Hands-on experience with Microsoft Sentinel and the Defender suite.
– Proficiency in KQL and familiarity with MITRE ATT&CK.
– Strong analytical and communication skills.

Preferred Certifications:
– Microsoft SC-200: Security Operations Analyst
– Microsoft SC-100: Cybersecurity Architect (preferred)
– Other relevant certifications (e.g., GIAC, CompTIA CySA+)