Security Operator I

Position Overview:
Seeking a Security Operator I to join our Security Operations Center (SOC) team, focusing on incident response and threat detection. This role involves working with enterprise SIEM platforms, EDR solutions, and incident management tools to protect IBKR's global trading infrastructure.

Key Responsibilities:

Security Monitoring & Alert Triage

• Monitor security alerts generated by SIEM, EDR, email security, network, and cloud security tools
• Perform initial triage and validation of alerts to determine severity, scope, and potential impact
• Identify false positives and review tuning opportunities.

Incident Response Support

• Execute incident response playbooks for common attack scenarios such as phishing, malware, endpoint compromise, and suspicious logins
• Assist in containment and remediation actions under guidance from senior SOC or IR team members
• Participate in 247 SOC operations, including shift rotations and on-call coverage

Investigation & Analysis

• Perform log analysis across Windows, Linux, network, and security tool telemetry
• Validate Indicators of Compromise (IOCs) using internal tools and threat intelligence sources
• Support malware and phishing investigations through file, URL, and domain analysis

Incident Management & Documentation

• Create and maintain incident tickets in the incident management platform (e.g., ServiceNow)
• Document investigation steps, findings, evidence, and closure rationale clearly and accurately
• Follow SOC standards for documentation, escalation, and handover

Collaboration & Learning

• Work closely with senior analysts, incident responders.
• Continuously develop technical skills through hands-on investigations, training, and mentoring
• Stay current with common attack techniques and SOC best practices

Required Skills and Qualifications

• Technical Knowledge: Basic understanding of cybersecurity principles, networking protocols (TCP/IP), and Operating Systems (Linux/Windows).
• Tool Familiarity: Experience, training or understanding of Cyber Security Technologies such as SIEM, EDR, Email Security, Firewall, IDS/IPS, OWASP etc.

Analytical Skills: Ability to analyze large datasets to identify patterns.

Soft Skills: Strong communication skills, ability to work in a fast-paced environment, and a proactive mindset.

Education/Certification: Bachelor's degree in IT/Cybersecurity. certifications like CompTIA Security+, Certified Ethical Hacker (CEH) is a plus.

Experience: 2-5 years of handson experience in SOC or cybersecurity roles, with relevant certifications considered as a substitute for part of the experience requirement.

Technical Environment:

• SIEM platforms (SentinelOne/Splunk/MS Sentinel)
• EDR platforms (SentinelOne/MS Defender/Crowdstrike)
• Incident management systems

Work Requirements:

• Rotating shifts (24x7 SOC)
• Incident response handling
• Alert triage and escalation
• Documentation and reporting
• Team collaboration

Growth Path:

• Advanced IR certification support
• Threat hunting training
• Digital forensics exposure
• Technical skill development
• Analyst & Senior analyst progression

Company Benefits & Perks:

• Competitive salary package.
• Performance based annual bonus (cash and stocks).
• Hybrid working model (3 days office/week).
• Group Medical & Life Insurance.
• Modern offices with free amenities & fully stocked cafeterias.
• Monthly food card & company paid snacks.
• Hardship/shift allowance with company provided pickup & drop facility*
• Attractive employee referral bonus.
• Frequent company sponsored team building events and outings.

* Depending upon the shifts.

**The benefits package is subject to change at the management's discretion.