Mobiz

Posted Today

Open

SOC Analyst

Islamabad | On-site | Full-time

About this role

About Mobiz

Mobiz is a global technology services leader, Microsoft-aligned managed services and cloud solutions provider, empowering mid-market and enterprise organizations across North America and the Middle East. We deliver end-to-end IT operations, Modern Work and Security, Data and AI, cybersecurity, infrastructure, and digital transformation services—driving resilience, innovation, and measurable business impact at scale.

With a Solutions Partner designation and active pursuit of Azure Expert MSP status, Mobiz combines the agility of a boutique consultancy with the delivery rigor of a tier-1 integrator. Our NOC and SOC teams operate as the always-on backbone of client environments, monitoring thousands of endpoints, network nodes, and cloud workloads around the clock.


What Can You Expect?

Every day at Mobiz we work with a deep sense of purpose. We continuously innovate. Our mission is to empower our clients to do more through transformation. You’ll work in a collaborative environment alongside highly talented people who improve client operations and exceed expectations. We strive to simplify technology challenges, and nothing less.

Who Are We Looking For?

The SOC Analyst is an operational security team member within Mobiz’s 24×7 Security Operations Center (SOC), responsible for monitoring, triaging, and investigating cybersecurity alerts across managed client environments. This role is ideal for security professionals with foundational SOC or cybersecurity operations experience who are ready to strengthen their investigation and incident handling capabilities in a fast-paced MSSP environment.

The SOC Analyst works closely with SOC Engineers and the SOC Manager to identify suspicious activity, validate security incidents, escalate confirmed threats, and support incident response activities. The role involves daily interaction with Microsoft Sentinel, Microsoft Defender XDR, identity security tools, and endpoint protection platforms while following structured SOC processes and escalation procedures.

Key Responsibilities

Security Monitoring & Alert Triage

  • Monitor SIEM, EDR, identity, and email security dashboards during assigned shifts using Microsoft Sentinel and Microsoft Defender XDR.
  • Review and triage incoming security alerts according to severity, impact, and predefined response procedures.
  • Perform initial investigations to determine whether alerts represent true positives or false positives.
  • Escalate suspicious or confirmed incidents to SOC Engineers or the SOC Manager with supporting investigation details.
  • Maintain accurate and timely documentation of all incidents and investigation activities in ServiceNow or equivalent ITSM tools.


Incident Investigation Support

  • Assist with investigation of phishing, malware, ransomware, identity compromise, and suspicious authentication events.
  • Analyze endpoint, email, and identity-related alerts from Microsoft Defender tools.
  • Correlate logs and security events across multiple sources to identify attack patterns and affected assets.
  • Support containment actions such as account disablement, email quarantine, and endpoint isolation under guidance from senior SOC staff.
  • Collect and document indicators of compromise (IOCs), attack timelines, and investigation findings.

Threat Detection & Analysis

  • Execute KQL-based log searches within Microsoft Sentinel to support alert validation and threat investigations.
  • Monitor suspicious sign-in activity, risky users, MFA anomalies, and identity protection alerts in Microsoft Entra ID.
  • Investigate phishing attempts, malicious attachments, spoofing indicators, and suspicious email activity in Microsoft Defender for Office 365.
  • Support threat hunting activities by reviewing logs, identifying anomalies, and documenting findings.
  • Stay updated on emerging cybersecurity threats, attacker techniques, and Microsoft security advisories.


Operational & Process Support

  • Follow established SOC playbooks and incident response procedures consistently.
  • Participate in shift handovers and communicate operational context for open incidents and ongoing investigations.
  • Contribute to knowledge base articles, operational documentation, and investigation notes.
  • Coordinate with NOC and infrastructure teams for incidents involving both security and operational impact.
  • Assist in preparation of security reports and operational summaries for internal review.


Candidate Profile: Requirements & Preferred Qualifications

Required Qualifications

    • Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.
    • 3-5 years of cybersecurity, SOC, IT support, or security operations experience.
    • Basic hands-on exposure to SIEM platforms such as Microsoft Sentinel, Splunk, QRadar, or equivalent.
    • Familiarity with Microsoft Defender for Endpoint (MDE) and Defender for Office 365 (MDO).
    • Understanding of common cybersecurity threats including phishing, malware, ransomware, credential theft, and brute-force attacks.
    • Basic understanding of MITRE ATT&CK framework concepts.
    • Experience using ticketing or ITSM systems such as ServiceNow.
    • Strong analytical and troubleshooting skills with attention to detail.
    • Good written and verbal communication skills.


Preferred Qualifications

    • Microsoft SC-200 certification, or actively pursuing it.
    • Familiarity with KQL query writing for investigation purposes.
    • Exposure to EDR/XDR tools such as CrowdStrike Falcon or SentinelOne.
    • Basic scripting knowledge in PowerShell or Python.
    • Understanding of Microsoft Entra ID, Conditional Access, and MFA security concepts.
    • Exposure to SOAR or security automation workflows.
    • Knowledge of email security analysis and phishing investigations.
    • Familiarity with firewall or network security log analysis.


Core Technical Skill Set

    • SIEM: Microsoft Sentinel, Splunk, QRadar (basic monitoring and investigation)
    • EDR/XDR: Microsoft Defender for Endpoint, Defender XDR, CrowdStrike Falcon
    • Identity Security: Microsoft Entra ID, MFA, Conditional Access, risky sign-in monitoring
    • Email Security: Microsoft Defender for Office 365, phishing analysis, message trace
    • ITSM: ServiceNow or equivalent ticketing systems
    • Threat Analysis: IOC identification, alert correlation, basic log analysis
    • Querying: KQL fundamentals
    • Collaboration Tools: Microsoft Teams, Outlook, SharePoint


Core Competencies (Power Skills)

    • Analytical Thinking
    • Attention to Detail
    • Incident Handling & Escalation
    • Problem Solving
    • Communication Skills
    • Team Collaboration
    • Time Management
    • Adaptability in Fast-Paced Environments
    • Ownership & Accountability
    • Continuous Learning Mindset


What We Offer

    • A team of bright, hard-working, and innovative people that will contribute to your growth.
    • Competitive salary and comprehensive benefits plan.
    • A dynamic and collaborative work environment with opportunity to work with cutting-edge technology and innovative solutions.

Other

This is a full-time, on-site position based in Islamabad, Pakistan.


Equal Opportunity & Diversity Commitment

At Mobiz, we believe that diverse perspectives, experiences, and backgrounds strengthen our organization and drive innovation. We are committed to fostering an inclusive workplace where all employees are valued, respected, and empowered to succeed. As an equal opportunity employer, we make employment decisions based on qualifications, merit, and business needs, without regard to race, gender, age, religion, disability, national origin, or any other protected characteristic.


What Happens Next?

Thank you for your interest in becoming part of Mobiz. We are committed to attracting exceptional talent and building a team that drives innovation, excellence, and meaningful impact. Every application is reviewed with care and consideration. If your experience and qualifications are a match for the role, a member of our team will connect with you regarding the next stage of the hiring process.

We appreciate your interest in joining Mobiz and wish you success in your career endeavors.
