Cybersecurity Triage Analyst/Remote
Posted 1 week ago by Apetan Consulting
Negotiable
Undetermined
Remote
Remote
Summary: The Cybersecurity Triage Analyst plays a crucial role in the Security Operations Center (SOC) by conducting the initial review, classification, and prioritization of security alerts and incidents. This position serves as the first line of defense against potential threats, ensuring they are promptly identified, assessed, and escalated as needed. The analyst is responsible for maintaining accurate records and collaborating with other teams for effective incident resolution.
Key Responsibilities:
- Monitor security tools (SIEM, EDR, IDS/IPS) for alerts and suspicious activity
- Perform initial triage and analysis of security events and incidents
- Classify alerts based on severity, impact, and urgency
- Investigate false positives and document findings
- Escalate confirmed or high-risk incidents to senior analysts or incident response teams
- Maintain accurate records of incidents, actions taken, and outcomes
- Follow standard operating procedures (SOPs) and playbooks
- Collaborate with other security and IT teams for incident resolution
- Continuously improve triage processes and detection efficiency
Key Skills:
- Basic understanding of cybersecurity concepts (network security, malware, phishing, etc.)
- Familiarity with security tools like SIEM (e.g., Splunk, QRadar), EDR, firewalls
- Knowledge of networking fundamentals (TCP/IP, DNS, HTTP)
- Strong analytical and problem-solving skills
- Ability to prioritize and handle multiple alerts simultaneously
- Good written and verbal communication skills
- Attention to detail and documentation discipline
Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Job Title: Cybersecurity Triage Analyst
Role Summary:
The Cybersecurity Triage Analyst is responsible for the initial review, classification, and prioritization of security alerts and incidents. This role acts as the first line of defense in a Security Operations Center (SOC), ensuring potential threats are quickly identified, assessed, and escalated when necessary.
Key Responsibilities:
- Monitor security tools (SIEM, EDR, IDS/IPS) for alerts and suspicious activity
- Perform initial triage and analysis of security events and incidents
- Classify alerts based on severity, impact, and urgency
- Investigate false positives and document findings
- Escalate confirmed or high-risk incidents to senior analysts or incident response teams
- Maintain accurate records of incidents, actions taken, and outcomes
- Follow standard operating procedures (SOPs) and playbooks
- Collaborate with other security and IT teams for incident resolution
- Continuously improve triage processes and detection efficiency
Required Skills & Qualifications:
- Basic understanding of cybersecurity concepts (network security, malware, phishing, etc.)
- Familiarity with security tools like SIEM (e.g., Splunk, QRadar), EDR, firewalls
- Knowledge of networking fundamentals (TCP/IP, DNS, HTTP)
- Strong analytical and problem-solving skills
- Ability to prioritize and handle multiple alerts simultaneously
- Good written and verbal communication skills
- Attention to detail and documentation discipline
Preferred Qualifications:
- Bachelor’s degree in Cybersecurity, IT, or related field
- Certifications such as CompTIA Security+, CEH, or similar
- Internship or prior experience in SOC or IT support
- Understanding of threat intelligence and MITRE ATT&CK framework
Key Metrics / KPIs:
- Alert response time
- Accuracy of triage (false positive vs. true positive rate)
- Incident escalation quality
- Documentation completeness