Monitor security events and alerts from SIEM tools like Azure Sentinel and other security tools.
Perform initial triage of security alerts (L1 analysis) to identify false positives vs genuine incidents.
Support investigation of security incidents by collecting and analysing log data from endpoints, servers, firewalls and network devices, and from cloud resources (primarily Microsoft Azure).
Use basic KQL (Kusto Query Language) queries in Microsoft Sentinel to search, filter, and analyse security logs.
Escalate potential security incidents to senior SOC analysts as per defined incident response procedures.
Document findings, investigation steps, and resolutions in SOC tickets / incident tracking systems.