BCBUZZ TECHNOLOGIES Private Limited

SOC L1 Trainee / Intern

Immediate Joiner · 2025 / 2026 Cybersecurity Graduates
Role SOC — L1 Trainee / Intern
Shift Rotational Shift
Location 100% on-site @Eachanari, Coimbatore
Eligibility 2025 / 2026 Cybersecurity Graduates
Interview Date 15th Dec onwards (daily). Invite will be emailed.
Prepare your CV and be ready for a technical screening and a short communication round.

What we look for

  • Cybersecurity / SOC domain awareness.
  • Good communication & reporting skills.
  • Flexible to work in rotational shifts.

Job Description — SOC Level 1 (Trainee / Intern)

Role summary

As a SOC L1 Trainee you will monitor security alerts, perform initial triage and escalate incidents to senior SOC engineers. This is an entry-level role focused on learning SOC processes, tools, and operational discipline while supporting 24x7 operations.

Key responsibilities
  • Continuous monitoring of SIEM dashboards and security alerts (24x7 rotational shifts).
  • Alert triage: validate events, perform initial investigation, classify false positives vs real incidents.
  • Escalate incidents to L2/L3 with structured findings and supporting evidence (logs, packet captures, timelines).
  • Maintain incident logs, tickets, and update dashboards (Jira/Ticketing).
  • Follow runbooks and playbooks for common detections (malware, suspicious logins, lateral movement, data exfiltration, web attacks).
  • Basic log analysis across Windows, Linux, network devices and cloud logs.
  • Contribute to daily shift handover notes and shift reports.
  • Participate in periodic drills and tabletop incident response exercises and improvement retro sessions.
Must-have skills & knowledge
  • Strong interest in cybersecurity, basic familiarity with SOC concepts (IDS/IPS, SIEM, EDR).
  • Comfortable reading logs, understanding IP addresses, ports, basic protocols (HTTP, DNS, SMTP).
  • Familiarity with Windows and Linux basics, file systems, event logs, and processes.
  • Basic understanding of networking (TCP/IP, routing, NAT) and common attack techniques (phishing, brute-force, SQLi basics).
  • Good written and verbal communication for reporting incidents and follow-ups.
  • Willingness to learn, follow instructions, and work rotational shifts.
Nice-to-have / desirable
  • Hands-on with any SIEM (Splunk, ELK/Elastic, QRadar, Azure Sentinel) or EDR tools (CrowdStrike, Carbon Black, SentinelOne).
  • Basic scripting (Python, Bash) to automate simple log parsing tasks.
  • Certifications in progress: CompTIA Security+, CEH (student), or vendor SIEM badges.
  • Previous internships or labs in incident analysis, threat hunting or network monitoring.
Common tools & platform exposure
SIEM — Splunk / ELK / QRadar / Azure Sentinel
Endpoint — CrowdStrike / SentinelOne / Carbon Black
Network — Zeek / Suricata / IDS
Ticketing — Jira / ServiceNow
Cloud logs — AWS CloudWatch / Azure Monitor / GCP Logging
Packet analysis — Wireshark
Scripting — Python / Bash (basic)
OS — Windows & Linux
Metrics / KPIs for the role
KPI | Target (example)
Mean Time to Triage (MTT) | < 15 minutes for high-priority alerts
False Positive Rate | < 30% (improve via tuning)
Escalation Accuracy | > 90% correct escalations
Shift Handover Completeness | 100% documented handovers
Interview process & selection
Process
  1. CV Screening — Evaluate academic background, projects, labs & CTFs.
  2. Technical Interview — Concept and scenario based (SIEM basics, log interpretation, incident flow).
  3. Shortlist — Candidates selected for the trainee cohort.
  4. Onboard as Trainee — Training fees applicable and 100% refundable upon successful completion.
  5. Internship — Live SOC operations post-training.
  6. Placement support / Full-time offer — Based on performance and assessment.
Onboarding & training plan (for trainees) — Experiential model
Phase 1: Foundations & Tool Immersion
  • SOC fundamentals: SIEM, EDR, IDS/IPS, threat intelligence, log pipelines.
  • Hands-on orientation with Splunk / ELK dashboards, endpoint agents, ticketing systems.
  • Guided labs using real-world log datasets (Windows Event logs, Linux auth logs, web server logs, cloud logs).
  • Introduction to alert categories, severity levels, and incident classification frameworks.
Phase 2: Real-Time SOC Exposure (Shadowing)
  • Live shadowing of SOC analysts during rotational shifts.
  • Observe real-time alert queues, triage decisions, and escalation workflows.
  • Perform supervised triage on low-risk alerts and document actions.
  • Follow runbooks for common detections: suspicious login, malware alert, brute-force attempts.
Phase 3: Guided Triage & Simulated Incidents
  • Controlled attack simulations: SSH brute-force, phishing, suspicious script execution, lateral movement.
  • Mentor-reviewed investigations with structured feedback loops.
  • Trainees prepare 3–5 incident analysis reports to demonstrate learning.
Phase 4: Independent Triage & SOC Role Readiness
  • Independent triage of low-to-medium severity alerts with reduced supervision.
  • Mock SOC handovers, incident documentation, and basic alert tuning under guidance.
  • Communication drills: escalation calls, incident walkthroughs, and report writing.
Post-Training: Internship Phase (Live Operations)
  • Assigned to live SOC operations team and handle selected real-time alerts with mentor oversight.
  • Participate in weekly blue-team labs, threat intel briefings, and SOC improvement sessions.
  • Performance measured on KPIs: triage accuracy, response time, documentation quality.
Continuous Experiential Learning
  • Monthly cyber drills, CTFs, cyber range access for malware analysis and packet forensics.
  • Optional rotations into VAPT, Incident Response and Cloud Security based on performance.
  • Eligibility for full-time SOC L1 offer after successful internship assessment.
Tip: Keep a short CV (1–2 pages) listing projects, labs, CTFs, and relevant coursework.