Monitor alerts from SIEM, EDR, Email Security, and other security platforms for potential incidents.

Perform initial triage of security alerts — determine severity, verify legitimacy, and classify the incident type.

Conduct basic investigation of suspicious activity such as phishing, malware infection, or unauthorized access attempts.

Escalate validated incidents to Incident Response L2/L3 for in-depth analysis and containment.

Document all actions in incident tracking systems (e.g., ServiceNow, JIRA, SOAR platforms).

Assist in executing first-level containment actions, such as isolating endpoints or disabling compromised accounts (based on defined SOPs).

Coordinate with SOC teams to ensure timely alert response and incident closure.

Participate in post-incident reviews to identify improvements in detection and response processes.

Maintain awareness of emerging threats and contribute to continuous process improvement.