# SOC Analyst L1

> CallTek · Philippines (Remote) · Full-time · Posted 2026-06-25

**Workplace:** remote

## Description

As a SOC Analyst L1, you will monitor and triage cybersecurity alerts from multiple sources (SIEM/EDR/network), determine whether activity is benign or suspicious, document evidence clearly, and escalate confirmed or potentially high-risk cases following playbooks and SLAs.

**Responsibilities:**

-   Monitor security events and alerts in SIEM and defensive tools; perform initial triage and classification (benign / false positive / suspicious / incident).
-   Collect and review basic evidence: endpoint telemetry, Windows/Linux logs, firewall/IDS, DNS/proxy; perform initial correlation (host/user/IP/IOC/process).
-   Execute runbooks/playbooks (e.g., password reset request, IOC block request, host isolation request) when authorized and aligned with procedures.
-   Create and maintain high-quality tickets with a clear narrative: what happened, supporting evidence, potential impact, actions taken, recommended next steps.
-   Escalate to L2/L3/IR when there is evidence of compromise, material risk, lateral movement, or uncertainty that requires deeper investigation.
-   Deliver structured shift handovers (case status, findings, hypotheses, next steps, blockers).
-   Meet operational SLAs and documentation quality standards.

## Requirements

-   0–2 years in SOC/NOC/IT Security operations or equivalent hands-on experience demonstrated via labs/casework.
-   Solid fundamentals in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
-   Basic working knowledge of Windows and Linux (processes, authentication, logging concepts).
-   Ability to interpret log fields (source/destination, user, process, hash, URL, action, result).
-   Strong spoken and written English (minimum B2) — must be able to join technical calls and write clear tickets and summaries in English.
-   Strong attention to detail, structured thinking, and prioritization; ability to work under pressure and sustain repetitive workflows without loss of quality.
-   Experience with SIEM/EDR/IDS tools (e.g., Wazuh, Splunk, Sentinel, QRadar; Defender/CrowdStrike; Suricata/Snort). (Nice to have)
-   Basic query skills (KQL/SPL/Lucene/DQL) and familiarity with MITRE ATT&CK concepts. (Nice to have)
-   Entry-level certifications (e.g., Security+, BTL1, CySA+) or equivalent proof of competence. (Nice to have)

## Apply

[Apply at CallTek](https://apply.workable.com/staff4me/j/B57E3AD1FC/apply)

---
Powered by [Workable](https://www.workable.com)
